With the rise in cyberattacks, prompted in part by the ongoing Covid-19 pandemic, it is more important than ever for businesses to have the right security measures in place to reduce the risk of a successful attack.
Gary Orenstein is the Chief Customer Officer at Bitwarden, an open-source password manager for businesses and individuals. Here he shares his top considerations for fintechs picking the password manager that best fits their needs.
Fintech has driven significant innovation throughout the UK’s finance industry, disrupting established financial services. However, as the industry evolves, so do the cyber threats it faces. A recent PwC report noted that financial services executives are already aware of the risks: in its 19th Annual Global CEO Survey, 69% of financial services CEOs reported being either somewhat or extremely concerned about cyber threats, compared with 61% of CEOs across all sectors. After healthcare, fintech is the second most frequently attacked industry. This comes as little surprise given the volume of sensitive, high-value information these firms hold. Overall, fintech firms have a distinct set of security needs.
Not only does the industry have to protect vast amounts of customer data, it is also subject to regulatory and compliance requirements. Together, these circumstances mean fintech firms need to add further layers of security, such as a credential management solution.
In this article, we’ll examine the top five considerations for picking the right solution for your fintech company.
Choose a Solution With a Zero-Knowledge Encryption Model
Fintech companies should ensure the complete encryption of all vault data when choosing a credential management system. In a zero-knowledge model, the vault is encrypted on the user’s device with a key derived from the master password, so the vendor never holds the key or the plaintext. Most password managers employ an end-to-end encryption model for users’ secrets. However, some well-known password managers do not encrypt everything, for example leaving URLs unencrypted and visible to the vendor. URLs are sensitive metadata in their own right: they reveal which banks, payment providers and internal systems a firm and its staff use, even when the credentials themselves stay protected. With URLs exposed, fintech firms cannot guarantee the privacy of all of their vault data. A practical check is to ask the vendor which fields of a vault item are stored in cleartext on their servers, and to confirm the answer against the published design or source code.
Focus on Open Source and Third-Party Audited Software
When considering software infrastructure as critical as credential management, open-source solutions provide the widest and most transparent view into the software. This allows fintech companies, along with a global community, to continuously examine the source code, understand how it operates, and identify potential vulnerabilities. This breadth of scrutiny is far harder to achieve with proprietary software. Third-party audits further give users confidence that the software operates as intended, with the right encryption and security models in place; look for audit reports that are published in full, with their scope and date, rather than summarised in a press release. Open source also makes integration and development easier. Developer-friendly access via a command-line interface (CLI) or application programming interface (API) delivers one level of integration; the ability to see, examine and build on the source code gives flexibility beyond what proprietary offerings allow.
Balance User-Friendliness With Appropriate Security Levels
Security leaders must constantly balance usability and protection. Choosing solutions that serve both technical and non-technical users can help. Fintech firms should look to include the following in credential management offerings:
- Cross-platform compatibility across a wide range of browsers, mobile, and desktop operating systems.
- Biometric logins where appropriate for end-user access.
- A range of two-factor authentication options, such as authenticator apps and hardware security keys.
- A broad community to assist users in all areas, beyond what any single company can provide.
With these capabilities in place, fintech companies can provide powerful and complete credential management solutions to all of their employees.
Ensure Complete Data Ownership When Required
Fintech companies often have to accommodate stringent security measures and abide by regional and industry regulations, which leads to specific data ownership requirements. While cloud solutions provide a compelling way to start and scale, they cannot always meet the most stringent of these requirements. Choosing a credential management system that can be self-hosted, in a private cloud or on-premises environment, gives fintech companies complete control of their data. For many companies this also means faster deployment, since their private cloud or data centre already complies with their overall requirements. Even if a company chooses to deploy via the cloud today, the option to self-host is worth retaining for future needs.
Pick Solutions With Complete Enterprise Controls
No two companies are identical, and the ability to customise configurations allows fintech businesses to set the right security foundation for their team. For example, when onboarding and offboarding users, companies may choose to link to their directory services infrastructure to simplify user setup and ensure departed staff lose access promptly. Enterprise policies play a critical role in customisation and include the ability to set password requirements, require two-factor authentication, and choose the login path for users, such as through an existing Identity Provider using Login with SSO. Logging capabilities also help companies understand user behaviour and provide the audit trail necessary for forensic analysis. Simple methods to share log data with security information and event management (SIEM) tools, such as Splunk, further solidify workflows with the IT administration team.
Empowering Employees With Credential Management
Unfortunately, employees are too often left to determine their own credential management practices. Companies that provide both the tools and the corresponding training reduce the risk of cyberattacks and establish best practices for their employees. With cyber threats constantly evolving, fintech firms should make hosting regular training for employees on spotting cybersecurity threats a top priority this year.