An Overview of Cyber Security in Financial Services
October 7, 2021
At Neocova, we recognize the importance of cyber security — for our customers as financial services providers, and for us as a data-enabled financial technology firm. It is especially important for firms within the financial services spectrum to be aware of the value and sensitivity of the data they hold, and to take painstaking measures to protect their customers from exposure to malicious attacks. Plus, increased security results in more trust among customers, which is always a positive thing.
Unfortunately, bad actors are only getting more powerful and sophisticated, as this year has shown with the SolarWinds and Kaseya breaches in addition to the Colonial Pipeline attack. As such, we’ve invested a lot of time and energy this year into continuing to improve our security infrastructure. In honor of Cyber Security Awareness Month, we wanted to share some cyber security best practices as well as the checks and balances we’ve implemented in our own systems.
Cyber Security Best Practices
The following information comes directly from the National Cyber Security Alliance.
Enable MFA. Multi-factor authentication (MFA) adds that necessary second check to verify your identity when logging in to one of your accounts. By requiring multiple methods of authentication, your account is further protected from being compromised, even if a bad actor hijacks your password. In this way, MFA makes it more difficult for password cracking tools to enable attackers to break into accounts.
Use strong passphrases/a strong password manager. This may seem obvious, but all too often securing strong passphrases/password managers is overlooked. People spending more time online during the pandemic has certainly contributed to more bad actors prowling for accounts to attack. Using long, complex, and unique passwords is a good way to stop your account from being hacked, and an easy way of keeping track and remembering your passwords is to use a password manager.
Perform software updates. When a device prompts that it’s time to update the software, it may be tempting to simply click postpone, and ignore the message. However, having the latest security software, web browser, and operating system on devices is one of the best defenses against online threats. So, don’t wait – update.
Do your research. Common sense is a crucial part of maintaining good online hygiene, and an intuitive step to stay safe online is to do some research before downloading anything new, such as apps, to your device. Before downloading any new learning app on your device, make sure to research who created the app, what the user reviews say, and if there are any articles published online about the app’s privacy and security features.
Check your settings. Be diligent about double-checking your privacy and security settings, and know who can access your documents. This extends from Google Docs, to Zoom calls, and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend, and restrict who can share their screen or files with the rest of the attendees.
The Three Pillars of Cyber Security
At Neocova, we focus on three core pillars when it comes to cyber security:
- People. The greatest risk of data breaches comes from people within an organization making innocent or uneducated mistakes.
- Process. Many organizations do not implement thorough or reliable processes to help protect themselves against data breaches.
- Technology. Often an underutilized resource, technology can be used alongside processes to augment or simplify activities that were formerly a function of people.
In line with these pillars, we have designed a robust, multi-level security program that leverages technology in lockstep with core processes. This helps mitigate our risk of cyber-attacks while removing a significant amount of undue responsibility from the shoulders of our team.
Our Technical Controls
We have designed a number of complementary controls, including separation of duties implemented in various ways, among them in our cloud infrastructure.
Internally, we emphasize multiple practices in an effort to keep customer data and internal data separated and protected. These include isolating instances and sandboxing, which help keep customers’ data secure. Our cloud is encrypted and all access requires two-factor authentication (2FA) to ensure the legitimacy of logins.
Our cloud-native architecture significantly reduces our attack surface, compared to a traditional server environment. Due to multiple geographically dispersed data centers and technology stacks, we have inherent Cloud Platform Resilience. We have restrictive Cloud Data Access Control Lists (ACLs) and full control and visibility to manage cloud resources internally through a unified, cross-organizational view. Additionally, we’ve implemented security controls that detect misconfigurations before they reach production — preempting any impact.
In essence, we’ve injected each process with technology and thoughtfulness, in an effort to prevent problems rather than reacting to them after they occur. We find this helps our customers and our employees alike feel much safer and at ease, and it helps us prevent the frayed nerves that come from constantly being in reactive mode. We bring government-grade security to community banks by ensuring that security is baked in, not bolted on. But what really sets us apart is how we partner with clients to solve their business problems by leveraging security in a new way.
A Summary of Our Approach to Cyber Security
Our approach to security is responsible and simple. At Neocova, we are all FinTech Security Officers (FSOs) first. Our five-point FSO framework is deeply rooted in industry standards and regulatory authorities for security and privacy. This provides a holistic means of protecting sensitive client information, in addition to a robust and ever-evolving cyber security posture. This successful risk management approach is accomplished by unifying people, processes, and technology.
None of the items we’ve listed above are foolproof. But when combined, they can make a significant difference in your online presence and security. Most of the tips we’ve listed in the first section of this blog (courtesy of CSAM) are easy to follow and free to implement. These can exponentially decrease the odds of an attack — saving you lots of money and allowing you to sleep better at night.
If you work for a financial institution that struggles to maintain data integrity and security, reach out to us. Our team of experts can help you find the right solution for your specific situation — and help you accelerate your data mastery.