siliconindia | April 2018

relating to using older or outdated versions of an operating system (OS) or vendor software. As manufacturers often do not support legacy OS with patches or updates, both users and servers become highly vulnerable to exploits. Also, hackers exploit outdated vendor systems to take over account credentials, leading to a host of other security issues. The most dangerous aspect of such a compromised state of affairs is the stream of phishing emails carrying infected files or links to infected websites. Unfortunately, financial institutions' propensity for online transactions is not matched by their determination to upgrade their systems; many still cite the cost and effort required as a significant barrier to changing their IT systems. This makes them sitting ducks for any raiding parties that are looking out for an opportunity to attack.

Unsecured Channels:
It is common for fintech firms to launch various versions of their products or services for desktop, mobile web, and mobile app so that customers can access them via multiple channels. However, this becomes a security risk when fintech firms do not independently consider the requirements of each channel. For instance, hackers can easily plant malicious code in a mobile device. When a mobile user accesses the site, the hacker can retrieve all passwords and other credentials. Employing advanced authentication features, like multi-factor authentication or pre-boot authentication, ensures that security information on a device can never be compromised.

Unencrypted Data Transmissions:
Fintech dwarfs all sectors when it comes to the size and frequency of data transmissions taking place. At any given hour, various data streams flow between B2B and B2C entities from different channels, platforms, applications and connections. A single breach can be all it takes to bring all the entities down.
Securing the networks and encrypting the data not only act as a deterrent, but also protect assets from misuse.

Cloud Platform Usage:
Data security on the cloud is one crucial area that needs constant monitoring. Fintech firms must take conscious steps when choosing a public cloud server. As third-party vendors, public cloud service providers offer little or no control to fintech firms when it comes to data protection. It is highly recommended that fintech firms develop their own private cloud, with their own security and control mechanisms. In any case, when moving the IT infrastructure to the cloud, fintech firms should ensure that data is encrypted, even before it leaves the network.

Archaic Security Policies:
It is quite common to find companies languishing in old-school security policies that focus on the device, rather than its content; they often do not adapt their policies to include emerging technologies. It is important for fintech enterprises to regularly upgrade and review their security policies and tools to protect against newer sources of threats. It is further recommended that Data Security strategy reviews should become an ongoing item on Board and executive agendas, leading to an environment of common and collective direction that can be supported across the organization.

Manual Processes and Ad Hoc Solutions:
Fintech firms prefer solutions with a separate security approach for each platform; these piecemeal solutions are inefficient and risky. Moreover, fragmented approaches make it difficult to enforce compliance because they are so difficult to administer. For instance, providing access requires a mix of security mechanisms: authenticating users, enforcing access controls, and managing encryption on endpoint devices.
Automating the provisioning and enforcement of processes not only reduces a substantial workload for IT staff, but also protects the organization from human error, inefficiencies, and silos that may allow for unintended malicious access to the data.