Given the mounting number of security breaches this year and the growth in the financial technology sector, US Treasury Secretary Jacob Lew and many others have named malicious online attacks as a growing threat to the financial industry. Though this news may seem intimidating, even to the companies with the largest security budgets, here are a few security tips for financial services sites and financial tech businesses:
1. Limit access to vital data and assets
Reduce the attack surface and human factor. By giving access to only those who need it inside of an organization, companies can vastly improve the security of important assets and resources.
2. Encrypt your data… ALL of it
Whether it is in transit or at rest, encrypt everything that goes between your servers, web clients, and end users. Strong, site-wide HTTPS/TLS is the best way to mitigate man-in-the-middle (MitM) attacks, which can alter data transferred between servers and users.
3. Put strong security policies in place for your employees
When large amounts of money are potentially at stake, attackers are willing to play a long game that combines social engineering and brute-force attacks to compromise web application security. Wherever possible, companies should create policies that mandate strong, unique, and random passwords and 2-factor authentication, and set up proactive physical security rules that can decommission a device if it is lost or stolen.
4. Engage in testing outside of the scope of security and compliance audits.
Though PCI and finance regulations mandate certain protections for web applications, environments that are in constant development are potentially creating vulnerabilities in each code push. Setting up a bug bounty program with skilled security researchers who subject a web app to a diverse set of tests is one cost-effective way to find security issues outside of the scope of a regular audit.
These tips may not be able to stop the most dedicated hackers; however, they are a solid starting place for securing financial information. Set up a demo today to see how Cobalt’s security platform can help secure your company’s web applications.