How Fintechs Can Ramp Up Their Cybersecurity Efforts
Rahul Bhargava Chief Product & Technology Officer, InCred
Have you noticed the growing hesitation of people towards the physical handling of money? Given the pandemic-induced phobia over physical contact, it is a fairly understandable new pattern of human behavior. But assisting here are the myriad digital payment solutions which people can use instead. Similarly, in many other areas, technology-enabled digital ways of working are fast becoming the norm.
With this trend, the issue of security looms large. This is an era of pervasive tech, and security is more relevant than ever, especially when it comes to fintech companies who deal with people's money and other confidential data. Today fintechs are at the forefront of digitizing the entire suite of financial services-banking, insurance, lending, and much more-and even one security slip can lead to a loss of trust with customers, regulatory action and much worse including the end of business. As such, fintechs must spare no effort in upgrading their security posture and must do it continuously.
Essentially, cybersecurity is the practice of safeguarding computers, servers, mobile services, electronic systems, networks, and data from malicious elements. Its relevance vis-à-vis the high-tech finance space is evident in the fact that cybersecurity is also known as electronic information security or information technology security.
That said, the integration of software and technology in the finance sector calls for top-notch cybersecurity. Financial information is a sensitive one, and maximum security is a rule of thumb. One cannot trifle with the security of classified financial details such as social security numbers, payment card numbers, PINs and passwords.
Components of cybersecurity that fintechs must prioritize
Information security-customer and financial data: Fintechs handle numerous sensitive financial data from their customers or vendors and must deal with such data securely. Any PPI (personally identifiable info such as PAN, date of birth, etc.) should be encrypted end to end. Even within an organization, data exposure should be done so with exclusivity and limited to the right people only. That is to say; appropriate access controls should be maintained. Also any data storage must be in compliance with local laws.
Application/network/device security: Many banks use fintech applications to access real-time information of customers. This access is instrumental in carrying out transactions and streamline various banking operations. However, without adequate network or device security, cyber thefts are inevitable since the same networks can be hacked by cyber criminals. Therefore, top-notch security features are essential. The features so mentioned should include regular vulnerability assessment and penetration testing and quick fixing of issues. Also, two-factor authentication, anti-virus software, disk encryption, and secure password are security imperatives. It is also a good idea to have a security engineer on board to design fintech software with built-in security.
However, the most important part is to ensure that security is made part of the company culture and leadership commitment to it is evident. All fintechs should have a cyber-security policy approved at a board level and must have an annual audit to review compliance with that policy. Further, employees must be trained on the basics of information security, taking precautions on the devices they work on and treating customer data confidentiality. They should undergo regular training on issues such as email led phishing attacks, using customer data safely, best email practices among others. Along with mandatory security training programmes, there should also be annual to ensure continuous focus.
Yes, it takes some time and effort to upgrade and maintain cyber security but for fintechs, this is one area they cannot afford to neglect. It is a foundational element for financial services and must be taken very seriously.