Protect Your Innovation: Cybersecurity Essentials for Fintech Entrepreneurs

The fintech industry is jam-packed with trading apps, crypto-investment vehicles, traditional banking services, and, of course, an array of disruptors. Money is flowing, facilitated by user-friendly interfaces and clever innovations. One such startup is Robinhood; when its app launched in 2015, it stood out. It attracted millions of users, with branding that appealed to the young and the curious. Its rapid growth made it a darling of the fintech world, and a tempting invitation to cybercriminals.

In late 2020, it was revealed that cybercriminals had used social engineering tactics to gain access to customer accounts, and they demanded a ransom. While no social security numbers were obtained, millions of email addresses were compromised and the company’s reputation took a hit. Fortunately, the issue was resolved, security was tightened, and there are a number of lessons we can learn from the incident. However, just as security tactics evolve, so do the criminals.

At Upstart Cyber, we constantly monitor the cybersecurity landscape in order to provide maximum comfort and safety to our clients and community. Because a core area of our expertise is fintech, we believe in sharing this information with our fintech audience to help them avoid becoming the next nightmarish headline. This article lays out the lessons learned from breaches like the one at Robinhood, and advises fintechs on how to protect their innovation.

The cybersecurity industry is expected to reach $660.67 billion by 2030. Why? Because the threats are real, persistent, and evolving. And in the spirit of helping, we share this article to shine some light on those threats and on tactics for improving your cybersecurity.

The most common threats to fintechs include:

  • Phishing and Social Engineering Attacks: Cybercriminals trick employees into revealing sensitive information. Examples of such trickery are ever more elaborate, and the con relies on people like you, reading this, believing you are too smart to be tricked. Tactics are constantly evolving, and so must our vigilance.
  • Ransomware: Malicious software that encrypts data and demands payment for its release.
  • Insider Threats: Employees or contractors with access to sensitive information can intentionally or unintentionally cause harm. That subcontractor working from a local café is also a mark. And when a company has money, or appears to have money, cybercriminals have a big motivation to concoct all sorts of dubious ways to compromise members of any team.
  • Data Breaches: Unauthorized access to confidential data.

If you are reading this, you know that every fintech needs a cybersecurity framework that accounts for its vulnerabilities, and that risk assessment is critical and must be ongoing. Here are a few details to keep top of mind as you plan, build, and manage your cybersecurity program.

Compliance

Compliance includes regulatory compliance (such as the EU’s GDPR) as well as the standards of the PCI Security Standards Council (PCI SSC), an independent organization created by the major payment card brands. Those standards apply to any business or organization that stores, processes or transmits cardholder data, and to those who develop and manufacture software and devices that transmit such data (i.e. fintechs).

As many entrepreneurs will tell you, there is compliance, and then there is the lightning-fast pace of today’s global economy. Cybercriminals move faster than regulators can draft policy paperwork. You must establish strong cybersecurity policies, and ensure employees adhere to them.

Implementing Key Security Technologies

  • Use encryption to protect data both in transit and at rest, ensuring sensitive information is secure. (Contact Upstart Cyber for a demo on data encryption.)
  • Implement 2FA (two-factor authentication) to add an extra layer of security to user accounts.
  • Deploy firewalls to prevent unauthorized access to your systems, and use intrusion detection systems (IDS) to inspect traffic for malicious content and raise alerts when a potential threat is detected.

Employee Training and Awareness

  • Ensure developers follow secure coding practices to minimize vulnerabilities in your software. Your system is only as good as the code it is built on.
  • Establish your cybersecurity practices and ensure regular training for all employees.
  • Test your team, including with unannounced checks that policies are followed, and run phishing simulations to educate employees.
  • Establish extremely clear and rigorous policies for when employees are working off-site. In an era of increased remote work, there are now far more vulnerabilities at a local café than there are in your secure office space.

The breach at Robinhood occurred because a clever hacker used social engineering tactics to obtain millions of email addresses from a customer service rep. We do not know what Robinhood’s training protocol looked like at the time of the compromise, and we do not know what it looks like now. But we can be confident their training evolved, because they learned tough lessons the hard way. The case of Robinhood is a lesson for all fintech entrepreneurs to prioritize cybersecurity to protect your innovation, your reputation, and your customers. The cybersecurity market is huge because cyber threats will continuously evolve, and as the threats evolve so must our vigilance.

About

Upstart Cyber was founded by a team of entrepreneurs who believe that our fellow entrepreneurs, including those with the budget of a fintech startup, deserve security, protection and peace of mind. Contact us to explore solutions like those described in this article. We are ready to work with you.