“We've just introduced two-factor authentication as well to make this even more secure.”
For advisers and brokers who are yet to transition to an online storage tool for their client data, it is still possible to migrate now.
In fact, the ongoing lockdown has spurred some adviser companies to start shopping around for a data storage provider if they had not already started.
Mr Murphy says Smartr365 has seen a “big uptick in interest” from the mortgage industry.
“We’ve had lots of firms that we’ve spoken to before who previously said that they were interested but it wasn’t a top priority four, five or six months ago, who have then come back to us proactively and said, ‘now we are very keen to do this’.”
Doing the legwork
There are huge benefits, particularly for smaller businesses, in using cloud-based services, according to Mr Beckett.
But it pays to do the research and legwork, as he attests: “You need to do some work upfront in thinking about your data and requirements for it and access to it, specifying appropriate requirements to give to the vendors who are asking to bid for the work or are providing a price, and making sure the contract is appropriate.”
When choosing a third party to outsource to, the Financial Conduct Authority differentiates between storage and processing. Mr Beckett notes that adviser firms must consider what it is they want to happen to the data and ask, is it just being stored or processed as well?
The nature of the data is also important, given that much of it will be considered sensitive personal data under GDPR and the UK Data Protection Act 2019, Mr Beckett adds.
“For the most sensitive data, I would also suggest companies should be reserving the right to come in and view, and ask to see records relating to their data,” he explains.
“And then, because breaches are so prevalent, they need to ensure in the contract with the service provider that things like support for an investigation to discover what happened, what data has been affected, who the individuals are whose data has been compromised, that is all part of the contract,” he says.
“If the worst comes to the worst and you want to terminate that service provider following a breach, that you contractually have the right to get your data back in a timely manner so you can continue to provide services to your customers.”
In terms of a timeline for the process of finding a vendor and then finally migrating the data, Mr Beckett estimates that advisers should anticipate it taking around two months, dependent on the type and volume of data.
