Security · IT Support
Every Device Is a Doorway to Client Money Data
6 July 2026

A stolen laptop is not just a hardware loss. In a wealth management or advisory firm, that laptop might hold access to client portfolios, deal documents or personal financial data. The device itself is replaceable in an afternoon. What it can expose is not.
Yet endpoint management is often the most under-invested area of a firm's technology environment, because devices feel personal and familiar rather than like a security boundary. That perception is exactly the problem.
This article relates to the Endpoint & Device Management domain of the Technology Resilience Score. It looks at whether your firm actually knows which devices can reach its systems, and what would happen if one went missing.
Why endpoint management is different for financial services firms
Financial services firms carry a specific kind of exposure. Client money data, portfolio positions and unpublished deal information all sit behind whatever device an employee happens to be using — often outside the office, frequently on personal or lightly managed hardware.
- Advisers and dealmakers routinely work from client sites, home offices and while travelling
- Devices frequently hold cached access to email, portfolio systems and file stores
- A single compromised device can expose data covering multiple clients at once
- Smaller firms often lack a central register of which devices are in use and by whom
Without visibility and control, every new laptop or phone is a decision made without security in mind.
Consumer Duty and the reliability clients are entitled to expect
The FCA's Consumer Duty sets out that firms must deliver good outcomes for retail customers — and that includes the basic expectation that a client's data and service will actually be there when needed. A lost or compromised device that exposes client information, or takes a key system offline while it's dealt with, is a direct hit against that standard. It is not enough to intend good outcomes; a firm has to be able to demonstrate the operational controls that make them reliable in practice.
Endpoint management is one of the least visible ways this plays out day to day. The key question becomes: "If an adviser's laptop was lost on a train this evening, would we know within the hour, and could we act on it immediately?"
Is your firm's technology environment resilient?
Find out whether your devices are properly tracked, secured and ready to be locked down at a moment's notice.
Get your Technology Resilience ScoreThe problem with informal device management
Many firms manage devices through habit rather than policy. It works fine until the day it doesn't.
- No single, accurate record of which devices can access which systems
- Personal devices used for email or client communication without any oversight
- No standard process for wiping or disabling a device that leaves the business
- Encryption and security settings applied inconsistently across the fleet
Informal management is invisible right up until an incident forces someone to ask questions nobody can answer.
What weak endpoint management looks like in a financial services firm
These patterns show up repeatedly in firms that haven't yet treated devices as a formal part of their risk environment.
- No central inventory of laptops, phones and tablets in circulation
- Leavers whose devices were never confirmed as wiped or returned
- No remote lock or wipe capability for lost or stolen devices
- Personal phones used to access email or client systems with no management controls
- Inconsistent patching, leaving some devices months behind on security updates
- No policy distinguishing company-owned from personal devices
Each gap increases the odds that one lost device becomes one exposed client.
What strong looks like
A well-managed firm knows exactly which devices exist, who holds them, and what each one can access. Every device is enrolled in a management platform that enforces encryption, patching and configuration standards automatically, and a lost or stolen device can be locked or wiped within minutes, not days.
Offboarding is a formal process, not a memory-dependent one — when someone leaves, their access and their devices are dealt with the same day, every time.
How this TRS domain helps financial services firms improve
The Endpoint & Device Management domain of the Technology Resilience Score assesses whether a firm has real visibility and control over the devices touching its data, not just a general sense that things are handled.
- Confirms whether a complete, accurate device inventory exists
- Assesses encryption, patching and configuration consistency across the fleet
- Reviews how quickly a lost or compromised device can be locked down
- Checks whether offboarding reliably removes device access on day one
The result is a score out of 5, giving your firm a clear baseline and a structured improvement path for closing the gaps that matter most.
Treating devices as part of the perimeter
As firms become more mobile and more cloud-based, the device itself becomes the real security boundary, not the office network. Little Big Tech already supports a high-profile venture capital firm in London on exactly this basis — treating every laptop and phone as a managed, accountable asset rather than a convenience.
The Technology Resilience Score gives ambitious financial services firms a benchmark across 10 domains, including Endpoint & Device Management, so device risk is measured rather than assumed away.