Data security is most important requirement to the customers or user. If the organisation wants to run a business successfully, they need to give surety of data protection as it gives customers the assurance that their data is being collected, processed, and transferred through secure mechanism. Data is most critical and important for businesses of all sizes, from a small start-up to a global conglomerate and so is data privacy.

Data is information processed by a computer system and stored in a system known as server. This information may be in the form of text, image, documents, audio clips, software programs, patents, financial information, secret information, health data, personal information or other types of data.

Every organisation collect data with different mediums either by old traditional method or by modern digital methods. Be it hospitals, banks, companies, government departments etc data is everywhere. Processed data is known as information.

Sometimes a set of data can formulate a sensitive information, so Data privacy is a mechanism to maintain our privacy online, because information is a highly value asset and sought-after commodity by malicious users and cyber criminals. As an end user it is very essential to know what is happening with our online information, what can be done with the data or who all can have access to it. Users often give their consent and allow companies to track and store their data can have disastrous results, so one should have a say in the matter.

Normally organisation focus on the risks originated hackers and cyber criminals, however this is much more than this. Protecting your data privacy is as significant as managing your data security.

Firstly, and fore mostly, Data Privacy is an arm of data security and its motive is to safeguard the data from unauthorized access. Data privacy aims to the proper handling of information based on its significance-

• Regulatory requirements and data privacy laws
• Consent of the data owner
• Privacy Notice
• About the public expectation of privacy.

Main objective of Data privacy is to safeguard the users’ data as per the regulations and users’ rights. Main factors to consider are:

• How to collect and share the data legally
• Whether to data can be shared with the third parties and identification of the third parties with whom data can be shared.
• Adhering to the regulatory compliance and laws limits such as-HIPPA (Health Insurance Portability and Accountability Act), GDPR (The General Data Protection Regulation), GLBA (The Gramm-Leach-Bliley Act), CCPA (The California Consumer Privacy Act), ECPA (Electronic Communications Privacy Act 1986),Personal Information Protection and Electronic Data Act (PIPEDA) and so on. Different countries have different data protection regulations and all these regulations have their own set of rules and legislation pertaining to a specific area, purpose, and type of companies or individuals.

In a nutshell this means protection of critical user information primarily PII (personally identifiable information) of an individual:

PII consists of: – 

• Full Name,
• Address,
• Contact details,
• Date of birth,
• Social Security Number
• Bank Account Number
• Driving License Number
• Some more personal information such as an-
• • IP address,
  • Profile photo,
  • Social media post,
  • Financial Information
  • Medical Information
  • Location
  • And many based on regulatory compliance.

Importance of Data Privacy and Data Security for Business

 Data privacy and security helps in protection of customer’s data privacy.

It helps reduction of the number of information security incidents like data breaches that an organization can suffer.

• It is helpful in maintaining, improving and retaining brand value of the business.
• It is helpful in safeguarding the business from hefty penalties for violating the rules. Regulators impose huge penalties in case of data breach which could be few thousand dollars or a big part of revenue generated, and it’s different for various types of data breach incidents.
• Data sharing will be limited and identification of third party would be done on prior basis according to the risk level of data.
• It saves the organisations from the theft of data by hacker or cyber criminals, that can cause enormous monetary losses
• Data privacy limits the access of customer’s critical data and hence safeguarding the right of customers to be free from uninvited surveillance
• This helps the organisations to keep track of their data breach records and organisations can learn lesson in order to avoid future recurrence.
• Now a days most of the business run on customer’s critical data safeguarding the privacy expectations should be priority of the organisation.
• It helps the organisations from loss of revenue.
• It is also provided competitive advantages to business.
• Last but not the least it is helpful in adherence to the strict policies of how PII is collected, accessed, protected, and erased.
• Data security and privacy controls are helpful in enhancing company’s reputation and built customer trust.

Importance of Data Privacy for Users

• It provides assurance from unauthorised access of data.
• It will keep customers personal, health and financial information safe.
• It generates a trust value for the customer.
• It provides a legal right to the end user or customer to challenge the company in case of any data breach.
• Data can only be collected by receiving consent from the users.
• Companies which collect the data provides data security guarantee to the end user.

Tips and Tricks to help protect your personal data

Data privacy is such an important issue, nowadays many government organizations and companies spend a good part of their revenue each year to help protect their data—which could include your PII (Personally identifiable information)—from exposure. As an end user may not be able to implement high end security solutions to safeguard their personal data, however there are inexpensive ways whichyou can take to help protect your data. Below are a few suggestions:

• Use strong passwords for your online accounts also avoid having same password for multiple accounts. Change password on regular basis.
• Chane the default password for your home network devices, especially Wi-Fi device. A weak password is easy to guess and any unauthorized person can connect to your network with malicious intent.
• Avoid clicking on any random link received via mail or message, these can have malicious links which will give access of your device to cyber-criminal who could eavesdrop your network traffic including personal data.
• Don’t ever share your personal details like bank account number, credit card detail, social security number, Aadhar card number etc over call.
• Avoid writing your personal details like phone number and address at public platform unless necessary. This could sometimes be very dangerous if accessed by any cyber criminal.
• Avoid sharing too much personal information on social media platform.
• Always use security setting on social media accounts, which you can always secure your accounts by changing in Privacy settings. Always keep your social media count in most private mode in order to avoid disclosure of personal information.
• Use VPN (Virtual Private Network) for online activities, however avoid the freeware for financial transactions.
• Share your personal details over the websites which are using encryption.
• Carefully shred all the personal document, receipts, bank statements and your courier packaging as well before discarding.
• Use genuine software on your system.
• Install antivirus and anti malware.
• Always keep firewall on.

Data Protection regulations and laws of different countries are developed and designed in order to maintain the data privacy of the citizens of that particular country. There are many countries where data privacy is already in place, however there are countries where there are no such laws. Having a framework for data privacy and security will definitely safeguard the critical information. A set of defined roles and responsibilities, network security controls like firewalls, secure configurations, Intrusion detection and prevention systems, monitoring, logging the activities, having proper procedures and processes in place of conducting any activity like access provision, de-provisioning, change management, patch management, backup management, privilege access management, physical security management etc certainly provide a more secure environment to data and information systems. Expectation and responsibilities of third-party service providers also plays critical role in data security. Technical controls should be according to the organisations risk appetite and relevant regulations.

Although cyber criminals are inventing new techniques to intrude into the networks but using encryption techniques will help the data in non-readable formats.

 Data is the most precious asset for both organisation and customer, a vigilant consumer and an organisation with adequate resources, diligent employees, regular monitoring, proper governance, periodic reviews can safeguard their information assets and maintain data privacy and security.

#Keywords,-Data security, data privacy, encryption, Cybercriminals, hackers, GDPR,HIPPA,GLBA , CCPA , ECPA ,PIPEDA, password protection, network security, patch management,

]]> http://www.cyberlaws.org/cyber-security-challenges-faced-by-fin-tech-start-ups/ Tue, 26 May 2020 16:22:56 +0000 http://www.cyberlaws.org/?p=423

Cyber Security Challenges by Fin tech

cyber Security Challenges Fintech. This era of digitization and digitization, where every segment of businesses is using technology to provide services to customers, banking and financial industry has transformed their services by financial technology- FinTech.

Fin Tech were providing their services in the form of e-wallets, online and mobile payment systems (Paytm,PayPal, Apple Pay), virtual buying of stocks, etc. But the recent times did bring a bunch of new disruptors that will displace traditional e-commerce providers.Such new FinTechstart-ups are offering more efficient services, seamless customer’s experience, and free person-to-person payments.

FinTechs business can increase profitability and enhance a company’s performance while helping them improve customer service. FinTech also provide an opportunity for companies to expand their portfolio online while solving industry issues such as credit card processing, money transfers, or processing a loan.

But everything is not so smooth with Fintech business. There are few cyber security challenges and risk associated with Fintech business, which every FintechStatups shall be aware of.

WHAT IS FIN TECH?

Fin Tech is the abbreviation used for Financial Technology which aims to compete with traditional method of finance. There are many financial institutions consider this term as backend of their business and sometimes regular banking apps are included in this term.

Fintech business includes mobile payments, money transfers, loans, crowd funding, asset management and many other things.

In simple words-FinTechis the implementation of modern technology in traditional financial services and in the management of financial aspects in various companies and business. Anything from the financial mobile apps and new software installed, processing the money transactions and calculating business models.

Risk in Financial Sector:

Even, in general ,every individual and organisation ,  are worried about information and cyber security , conditions in financial sector is more critical  and fin tech business take the issues more seriously. Some of the recent studies shows that banks are investing a large amount of their funds in designing and implementing security to safeguard themselves from cybercriminals

Few more areas of concern includes cloud based technologies, mobile updates and system upgrades. These findings show that cyber security is the most important risk which the Fin Tech companies are facing.

CYBERCRIME AND CYBER SECURITY IN FINTECH LANDSCAPE

As FinTech start-ups and companies continue to disrupt the global financial landscape, a peculiar feature and perhaps their biggest advantage is that they are not held back or burdened by law, regulations, or existing systems. Also, they are more aggressive, more agile, and more willing to explore and make risky choices. But this total dependence on technology and adventurous attitude to aid financial services delivery may also be their greatest weaknesses.

 

FINTECH FIRMS ARE FACING CYBER SECURITY CHALLENGES  IN FOLLOWING AREAS

Application Security

Fin Tech firms mainly relies on applications that can access users’ financial profiles to perform a variety of real-time transactions. Applications are used by multiple persons and, are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks.

FinTech firms and Banking companies need to ensure that a secure application security strategy such as a virtual private network is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as to detect and patch vulnerabilities

Network and Cloud Security

Like other organisations, many FinTech firms also utilize cloud services to provide consistent, salable performance with lower upfront costs, rather than the traditional network. However the cloud infrastructure shall be secured differently than a data center or traditional network. Banks and FinTech firms must ensure that the same security standards they apply to their networks are applied in the cloud.

Along with detection and prevention, this security must also be dynamically salable and adaptable to ensure that is can grow seamlessly alongside cloud use. Additionally, in order to secure financial data, FinTech firms need to implement aloud access security, along with internal segmentation to improve data visibility while integrating industry security standards.

Inadequate Threat Intelligence

Threat Intelligence is another challenge for Fin Tech firms, an integrated defense needs to be enabled with automated threat intelligence to become a holistic system. As Fin Tech firms and banks enter partnerships, it will be impossible for IT teams to gather and assess all of this threat intelligence promptly manually. Automation, artificial intelligence and Machine learning will be integral to this process.

Cyber criminals are already leveraging automation to make attacks more persistent and effective. Likewise, artificial intelligence, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organizations to keep pace with cyber-criminals.

LACK OF ESTABLISHMENT OF BETTER SECURITY PROTOCOLS

This is one of the most significant issues that Fin Tech start-ups firms face is selecting best security mechanism, like security protocols to enhance encryption data. Inadequate security protocols, data is easily exposed, leaving companies vulnerable to attacks.

Tunneling protocols used in VPNs are effective at encrypting Fin Tech data. Some of the best-known tunneling protocols include:

• Internet Protocol
• Point-to-Point Tunneling Protocol.
• Layer Two Tunneling Protocol.
• Internet Key Exchange version 2.
• Secure Socket Tunneling Protocol.

These tunneling protocols provide different levels of protection and provide security in different ways. Fin Tech should research and become more familiar with the different types of protocols and how to use them within a virtual private network – this is especially true in a financial environment where cyber threats are imminent and ongoing

ADDRESSING VULNERABILITIES IN INFORMATION TECHNOLOGY SYSTEMS

Integration of multiple systems and technologies leads to multiple cyber vulnerabilities. When two systems that are not designed at the same time by the same developers often pose compatibility issues and challenges in security, given the limitations in technology. Technology Engineers face issues while integrating two different systems, sometimes engineers working on different systems doesn’t even know how the other system works and vice versa, which makes identification of vulnerabilities more difficult.

Cyber criminals like hackers exploit these vulnerabilities to gain access to the system.

Many cyber criminals gain access to applications and networks because of improper configuration during installation. There are other techniques that are often used like spear-phishing, where humans mistakenly open spam emails and download malicious attachments or enter confidential information into fake websites to which they are redirected. So this is important for all Fin tech Startups to  raise awareness of cyber criminal risks and educate the newly banked on digital and financial literacy to teach them best practices to ensure security when engaging in financial transactions online.

LACK OF COMPLIANCE REGULATIONS RELATED TO CYBER SECURITY

Rapid growth in happening fast in Fin Tech firms. Fin Tech start-ups are flexible enough to change and adapt to evolve alongside consumer demands, rapidly.They are flexible and quick partly because there are not the same regulatory rules as traditional financial services for them. However, there are no regulations are controlling the way start-ups conduct their business. This is making the Fin Tech firms vulnerable because, they can sacrifice cyber security in order to capture the market as fast as possible.

Fin Tech Companies are collecting and storing personal information, so they needs to safeguard customer data. Further the challenge of is the way they protect this data. Many of Fin Tech firms have adopted bank-level security measures and fine-tuned them for their digital platforms.

Use of secure applications , regular vulnerability assessments on networks and applications , patching the applications on time, using Secure socket Layer(SSL) encryption while transferring the data is the must for enhancing cyber security. Fintech can opt for ISO 27001:2013 (ISMS) for overall cyber security.

There is need of some strong regulation, which would inspire start-ups to invest some of that venture capital money into their security.  As the Fin Tech industry grows, so will their defense against breaches.

Related Articles

CYBER SECURITY CHALLENGES FACED BY FINTECH START-UPS

CRM Data Security. The CRM industry is facing new kinds of challenges, As Most of the CRM have been moved to the cloud  and are offering integrated services to their clients, CRM information security has become an integral part of this industry. Companies are spending a good chunk of money to find & research on various ways to secure their clients data.

Some of the basic and simple modules in crm data security.

Encrypted Data Communication

Basically Encryption is converting data into another form, this is done so that at the receiving end data can be opened by people or code having the Key (description Key). CRM software should assure that the data communication taking place is totally encrypted and secured over the transportation layer. There are various data encryption available like AES, RSA, TripleDES, Twofish etc.

Data Storages Techniques

There might be various ways in which data from the crm is getting stored, Mobile App storage could also be a part of this. Various data storage techniques available are ON-PREMISES, COLLOCATION, PUBLIC Cloud, PRIVATE CLOUD etc. Now it’s up to the company to provide various solutions to the clients depending upon their need & Security.

HTTPS layer Protection

Most of the application frontend is on the web, and web is based upon internet communication, so HTTPS is Hypertext Transfer Protocol Secure. It’s important to have https layer security to access the crm, hence giving browsers extra layered security makes it better: While login one should always see that the page is secure via : https. This actually helps secure your credentials submitted on login page.

Certification & Compliance

Companies should get the whole process audited with the competent authority, this will not only help the company maintain better processes and these certifications gives customers assurance that the companies are taking care of their data in the better way. Some of the other compliance like, Third Party Assessments, data center security certification, ISO 27001 Certifications, GDPR compliance etc. makes more promising business deals.

Data Backups

It’s not only the duty of the serving company but it’s the duty of the buyer to remain proactive, hence the buyer should take regular backups of their data and secure it on their private devices. Moreover many methods are available like saving data in datasheets, saving data in SQL formats, attachments etc. buyers should always research before buying any CRM. Various options are mostly available inside the admin panel ie: Twice monthly,  once monthly, Every Week, Download.

Centralized Vs Decentralized CRM 

Its very important to understand what is centralized and what is decentralized, Today’s cyber security strategy asks for more decentralized systems, and more and more companies are moving towards block-chain but the time we reach optimized block-chain solutions, we must use different ways like primitive methods to keep the system decentralized , so that in case Denial – Of – Services happen, it should not impact the whole system. It Little time consuming & difficult to handle decentralized systems than centralized systems, but in the long run it helps where cyber security fails, decentralization saves, either companies get affected with downtime syndrome. Everybody knows more down time means losing credibility exponentially hence losing customers.

Summary is that companies making crm software should  work towards making crm more secure day by day. They should spend money on cyber security and should assure their clients about their data. They should assure that the future is more secure for the enterprise using CRM or totally dependent upon these tools. 

Tags: #crm #crmsecurity #datasecurity #dataencryption

RELEVANT LINKS

Mobile App testing Check for QA