What Fintech companies need to know about the convergence of cybersecurity and privacy
As the world continues to digitize rapidly and more and more issues around cyber security and data privacy come to the fore, it is no longer possible to keep conversations around the two separate.
Cyber attacks tend to be conspicuous and make flashy headlines. However, privacy breaches and data compromises that come with such intrusions are not as widely reported. Part of the reason is that most people do not understand the importance of privacy and how it relates to cyber security.
It’s time to take a different approach to understanding how both online security and privacy are connected.
Fintech companies and financial institutions benefit from a partial exemption under state-level privacy laws (and in compliance with requirements such as the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and the Privacy Rule). Nevertheless, they hold critical consumer data and must therefore make an effort to understand the direct impact their data practices have, for better or for worse.
Numerous institutions, such as the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and the Securities and Exchange Commission (SEC), are now starting to crack down on weak practices. Increasingly, laws and regulations are being introduced that no longer give companies a pass on poor cyber security and privacy practices. Companies that do not take appropriate measures to protect users’ privacy are met with fines and disciplinary measures.
Part of the problem is that fintechs today don’t always have the best understanding of what critical data is in their ecosystem and what they should do to protect it. As more financial institutions become increasingly digitized, it becomes more difficult to conceptualize and track the large amounts of information that constantly flow through the systems.
“Once a business has an understanding of the data ecosystem, it can begin to measure the necessary privacy and adequacy of security around that data,” said Bhavesh Vadhani, global head of cybersecurity, technology risk and privacy for advisory, insurance and tax firm CohnReznick. “Historically, companies have addressed the latter without really understanding the former.”
As soon as data resides on company systems, a connection is established between data protection and cyber security. The business is now responsible for designing cybersecurity controls and programs that protect personal information from theft, unauthorized access and damage.
Not just a cost center
In the coming years, increased emphasis will be placed on privacy and security maturity as a business differentiator – not just a cost center. In the meantime, companies must understand that the boundaries of data protection extend beyond their internal systems to their third-party service providers. Companies are still responsible for ensuring that their partners also meet the requirements for privacy and security.
Another important step is for companies to take stock of the security posture of their commercial solutions, ensuring that products on the market – from code and application programming interfaces to full-stack applications – have up-to-date security and privacy patches. If the products are not equipped with the best protection, is it really worth the risk of bringing them to market?
Finally, fintechs must remember that anyone in the organization can be an entry point for possible breaches such as phishing, smishing and vishing. Consider your employees the first line of defense against data breaches and ensure they are both vigilant and well equipped.
“Consumers are more informed than ever and want to know how their information is being used,” said Asael Meir, CPA, CohnReznick’s technology industry leader. “Building a trusted relationship with your consumers is no longer optional.”
At the end of the day, a unified information security and privacy program will be a business decision that weighs the costs of collecting and using personal data against the benefits.
This post contains sponsored advertising content. This content is for informational purposes only and is not intended as investment advice.