siliconindia | | JULY 202119Fintech dwarfs all sectors when it comes to the size and frequency of data transmissions taking place. A single breach can be all it takes to bring all the entities downgerous aspect of such a compromised state of affairs is the stream of phishing emails carrying infected files or links to infected websites. Unfortunately, financial insti-tutions' propensity for online transactions is not matched by their determination to upgrade their systems; many still cite the cost and effort required as a significant bar-rier to change their IT systems. This makes them sitting ducks to any raiding parties that are looking out for an opportunity to attack.UNSECURED CHANNELS:It is common for fintech firms to launch various ver-sions of their product or services for desktop, mo-bile web, and mobile app so that customers can access them via multiple channels. However, this becomes a security risk when fintech firms do not indepen-dently consider the requirements of each channel. For instance, hackers can easily plant a malicious code in a mobile device. When a mobile user accesses the site, the hacker can retrieve all passwords and other creden-tials. Employing advanced authentication features, like multi-factor authentication, or pre-boot authentication ensures that security information on a device can never be compromised. UNENCRYPTED DATA TRANSMISSIONS:Fintech dwarfs all sectors when it comes to the size and frequency of data transmissions taking place. At any given hour, various data streams flow between B2B and B2C entities from different channels, platforms, applica-tions and connections. A single breach can be all it takes to bring all the entities down. Securing the networks and encrypting the data act not only as a deterrent, but also protect assets from misuse.Cloud Platform Usage: Data security on cloud is one crucial area that needs constant monitoring. Fintech firms must take conscious steps when choosing a public cloud server. As third-party vendors, public cloud service pro-viders offer little or no control to fintech firms when it comes to data protection. It is highly recommended that fintech firms develop their own private cloud, with their own security and control mechanisms. In any case, when moving the IT infrastructure to the cloud, fintech firms should ensure that data is encrypted, even before it leaves the network.Archaic Security Policies: It is quite common to find companies languishing in old-school security policies that focus on the device, rather than its content; they often do not adopt policies to include emerging technologies. It is important for fintech enterprises to regularly upgrade and review their security policies and tools to protect against newer sources of threats. It is further recommended that Data Security strategy reviews should become an on-go-ing item on Board and executive agendas; leading to an environment of common and collective direction that can be supported across the organization MANUAL PROCESSES AND AD HOC SOLUTIONS:Fintech firms prefer solutions with a separate security ap-proach for each platform; these piecemeal solutions are inefficient and risky. Moreover, fragmented approaches make it difficult to enforce compliance because they are so difficult to administer. For instance, providing access requires a mix of security mechanisms: authenticating us-ers, enforcing access controls, and managing encryption on endpoint devices. Automating the provisioning and enforcement of processes not only reduces a substantial workload for IT staff, but also protects the organization from human error, inefficiencies, and silos that may allow for unintended malicious access to the data.
< Page 9 | Page 11 >