Ensuring the Security of Your Financial Information
At HPH Solutions, safeguarding client data is our top priority, and we have implemented stringent measures to ensure its confidentiality, integrity, and security.
Below are responses to some FAQs:
How safe is my information?
We have a multi-layered security framework in place that includes:
- Employee vetting & training – All staff undergo police background checks before onboarding and receive ongoing cybersecurity training.
- Access controls – We use Multi-Factor Authentication (MFA) to prevent unauthorised access to client data.
- 24/7 system monitoring – Our Managed IT Service Provider continuously monitors network activity to detect and address threats proactively.
- Advanced cybersecurity measures – We maintain endpoint protection software (CrowdStrike), managed by a cyber specialist, separate from our IT Managed Service Provider.
Who has access to my information?
A robust cybersecurity framework begins with trusted personnel. To uphold security integrity:
- Police Clearance: All employees undergo mandatory police background checks before onboarding.
- Continuous Education: Staff members receive regular cybersecurity education to stay ahead of emerging threats, ensuring best practices in data protection and threat mitigation.
- Access Control: We are currently enhancing our internal processes that will allow us to restrict access to client information for only those employees who require access to your information for service delivery. By the end of this financial year, our internal systems will operate on a "least privilege" principle, meaning employees can only access the specific data necessary for their role.
What is the backup plan in case of a data breach?
We have a comprehensive Incident Response Plan that includes:
- Immediate threat containment and mitigation.
- Investigation and risk assessment to determine the breach impact.
- Communication with affected parties, in compliance with legal obligations.
- Restoration of data and system security enhancements.Additionally, we maintain cyber liability insurance to ensure business continuity and client protection in the event of a cyber incident.
Can all my information be deleted after implementing my advice?
In regard to deleting your information, it is a condition of holding an Australian Financial Services Licence that a licensee must retain all material relating to the provision of personal advice to a retail client for a minimum period of 7 years after the date the advice was provided. This requirement applies in all cases and is not contingent on the acceptance of advice by the client. You may use this link to refer to the ASIC Instrument Federal Register of Legislation - ASIC Corporations (Record-Keeping Requirements for Australian Fin… that details this requirement.
Can sensitive information, such as bank account numbers and tax file numbers, be redacted?
We take extra precautions to protect sensitive information. If and when required, we can and do redact or remove any personally identifiable information from our records once it is no longer needed.
What You Can Do to Stay Secure
Cybersecurity is a shared responsibility. You can take proactive steps to protect your data:
- Use Strong, Unique Passwords: Ensure your passwords are complex and not reused across multiple accounts.
- Enable Multi-Factor Authentication (MFA): Where available, activate MFA to add an extra layer of security.
- Be Aware of Phishing Scams: Avoid clicking on suspicious links or sharing personal information via email or text messages.
- Keep Software Updated: Regularly update your operating systems and applications to protect against vulnerabilities.
- Monitor Your Accounts: Regularly check bank accounts for any unauthorised transactions or unusual activity.
Our Commitment to Ongoing Security Enhancement
Cyber threats continue to evolve, necessitating continuous refinement of our security framework. Our commitment is to proactively enhance cybersecurity measures. If you have any concerns or require additional information, please contact us.