For players in the financial services and fintech ecosystems, data is our business. So it makes sense that data security takes center stage in everything we do. There are three central facets to data security protocols: exceptional visibility, best-in-class tech, and a deeply rooted culture of security awareness.
Are your security standards, or those of the data provider you work with, up to par?
When consumers permission their data to various third-party services and providers, they want to know that their data is safe. Once that trust is established, 40 percent of consumers increase their transactions, 39 percent increase spending, and 49 percent go on to tell friends and family about their positive experience with an organization.
Giving consumers the ability to control what data they share and who they share it with opens up so many new opportunities for improving financial wellness. But we have to make sure security keeps up with the ever-accelerating pace of product innovation and bad actors.
Here are three metrics you can use to analyze your own data security, or the protocols in place at your partner aggregator.
First things first. You have to recognize vulnerabilities, training deficiencies, and reconnaissance attempts against your platforms, both internally and externally. After all, you can’t protect what you don’t know about or what you can’t see. Having a complete picture of alerts, alarms, and probes against your platforms provides greater visibility into areas of possible exposure.
Behind the scenes, prioritization is critical to efficiency. McKinsey explains that “a strong cybersecurity strategy provides differentiated protection of the company’s most important assets.” Taking the time to conduct an asset audit will produce a clearer picture of which systems need the greatest attention from your security team. Once this hierarchy is established, it becomes easier to tailor workflows for optimal efficiency and security coverage.
The Best Tech
What tech specs should you expect in a top-notch data security system? Multi-factor authentication, pretty standard in most security protocols these days, is crucial. Beyond that, you should expect robust third-party penetration testing. That outsider view of your security system is invaluable and can expose any gaps in coverage. Of course, encryption is critical. Not only should data be encrypted while it’s actively being used, it should also be encrypted while it’s at rest.
Finally, when at all possible, tokenized access is the ideal way to reduce the amount of personally identifiable information (PII) that gets shared. This is especially important when you’re dealing with financial records that can include items like Social Security numbers and bank account information.
Culture of Security Awareness
As important as all of those technical security processes are, they will never be enough if you don’t invest in a culture of security. What does this mean? It means employing a Defense-in-Depth approach. That looks like 24/7 monitoring and physical security, employee education and awareness, and participating in third-party audits of systems. We have found that complying with both ISO 27001 and Service Organization Control (SOC 2 Type 2) protocols provides an additional layer of awareness and scrutiny. We’re audited for these standards every year.
Basically, everything from how employees access their office space to the details of our risk management processes is designed to enhance security. Gene Frederiksen, Chief Information Security Specialist at PSCU, explains it this way: “A culture of security is in place when action replaces rhetoric. Security is easy to talk about but not always easy to do.” In other words, if your data security plan isn’t all-encompassing, it isn’t comprehensive enough. Does your organization’s commitment to data security extend to all corners of your business and its culture?
When it comes right down to it, data security impacts everyone across all ecosystems. People want to know that their personal financial data is safe. Companies want to be able to assure customers that their personal financial data is secure. And data custodians want to know they are sharing data with a highly trusted partner. That’s why it’s so important to get the details of your data security system right and to loop in independent auditors and analysts to make sure you haven’t missed anything. When it comes to data management, security is everything.