
4 Security Tips for Financial Tech Companies


A few weeks ago, financial giant JP Morgan revealed a security breach that affected over 76 million businesses and individuals across the US. Because of the valuable assets and financial information that the company holds, it was a natural target for hackers. These hackers spent weeks rooting through 90+ servers, gaining access to the PII of its customers, and accessing the technological blueprints containing a full list of applications in use by the company.

Given the mounting number of security breaches this year and the growth in the financial technology sector, US Treasury Secretary Jacob Lew and many others have named malicious online attacks as a growing threat to the financial industry. Though this news may seem intimidating, even to the companies with the largest security budgets, here are a few security tips for financial services sites and financial tech businesses:

1. Limit access to vital data + assets

Reduce the attack surface and human factor. By giving access to only those who need it inside of an organization, companies can vastly improve the security of important assets and resources.

2. Encrypt your data… ALL of it

Whether it is in transit or at rest, encrypt everything that goes between your servers, web clients, and end users. Strong, site-wide HTTPS/TLS is the best way to mitigate man-in-the-middle (MitM) attacks, which can alter data transferred between servers and users.
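
An added example for tip 2 (not part of the original post and not Cobalt's code): a Python check that runs over crawler-recorded responses and flags the places where HTTPS is not actually site-wide. The host `bank.example`, the sample responses, and the 180-day HSTS threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: (request URL, status, response headers) as a crawler might record them.
# Simplification: at most one Set-Cookie header per response.
SAMPLE = [
    ("http://bank.example/", 301, {"Location": "https://bank.example/"}),
    ("https://bank.example/", 200, {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Set-Cookie": "sid=abc; Secure; HttpOnly"}),
    ("http://bank.example/statements", 200, {}),
    ("https://bank.example/login", 200, {"Set-Cookie": "sid=abc; HttpOnly"}),
    ("http://bank.example/help", 302, {"Location": "http://bank.example/help/"}),
]

MIN_HSTS_AGE = 15552000  # assumed policy threshold: 180 days, in seconds


def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, or None if absent."""
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(responses):
    """List (url, problem) pairs where transport encryption is not enforced."""
    findings = []
    for url, status, headers in responses:
        h = {k.lower(): v for k, v in headers.items()}
        if urlsplit(url).scheme == "http":
            # A plain-HTTP URL is acceptable only as a redirect to HTTPS.
            target = urlsplit(h.get("location", ""))
            if not (300 <= status < 400 and target.scheme == "https"):
                findings.append((url, "plain HTTP not redirected to HTTPS"))
            continue
        age = hsts_max_age(h.get("strict-transport-security", ""))
        if age is None or age < MIN_HSTS_AGE:
            findings.append((url, "HSTS missing or max-age too short"))
        cookie = h.get("set-cookie")
        if cookie is not None:
            attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
            if "secure" not in attrs:
                findings.append((url, "cookie set without Secure"))
    return findings
```
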

3. Put strong security policies in place for your employees

When large amounts of money are potentially at stake, attackers are willing to play a long game that combines social engineering and brute-force attacks to compromise web application security. Wherever possible, companies should create policies that mandate strong, unique, and random passwords, require 2-factor authentication, and set up proactive physical security rules that can decommission a device if it is lost or stolen.

4. Engage in testing outside of the scope of security + compliance audits.

Though PCI and finance regulations mandate certain protections for web applications, environments that are in constant development are potentially creating vulnerabilities in each code push. Setting up a bug bounty program with skilled security researchers who subject a web app to a diverse set of tests is one cost-effective way to find security issues outside of the scope of a regular audit.

These tips may not be able to stop the most dedicated hackers; however, they are a solid starting place for securing financial information. Set up a demo today to see how Cobalt’s security platform can help secure your company’s web applications.

About Julie Kuhrt