Treasury 
Risk Management 
Payments 
Connectivity 
Working Capital 
Accelerate ERP Migrations 
AI in Kyriba 
API Integration 
Cash Forecasting 
Enterprise Security 
Fraud Prevention 
FX Exposure Management 
FX Risk Management 
ISO 20022 Migration 
Liquidity Planning 
Real-time Payments 
Supplier Financing 
Office of the CFO 
Treasury 
Information Technology 
Retail 
Financial Services 
Higher Education 
Healthcare 
Manufacturing 
Mid Sized Companies 
Banks 
Public Sector 
Blog 
eBooks 
Webinars 
Videos 
News 
Fact Sheets 
Success Stories 
Events 
FAQs 
Value Engineering 
Research 
About Us 
Values & ESG 
Recognition 
Leadership 
Careers 
Contact Us 
Kyriba Academy 
KyribaLive 
Blog
Three Minimum Security Requirements for any FinTech Companies
Employing financial technology solutions from Fintech companies has become a comfortable and productive way of life for many corporate finance leaders, who increasingly rely on these cloud applications to optimize and enhance a core piece of their jobs, from treasury to accounting and beyond.
Despite the proliferation and rapid adoption of financial technology solutions by global organizations from all industries, however, the solution providers should not escape scrutiny in one key area: Cyber Security.
Additional reading: Kyriba Now Enables Clients to Conduct Their Own Pen-Tests for Cyber Security
Additional reading: Four Key Questions a CTO Needs to Ask When Evaluating a New TMS
“Most FinTech companies have access to highly sensitive financial information, so a company playing in this space needs to have some minimum things in place so their customers have a strong sense of their commitment to security,” said cyber security expert Nick Biasevich, the director of technical sales enablement at Kyriba.
According to Biasevich, there are three minimum requirements any vendor should be able to provide when it comes to cyber security:
- A Cyber Defense Center: A dedicated team whose sole purpose is to protect clients and their customers from potentially disastrous cyberthreats and cyberattacks. The principal tool these defense teams use is a security information and event management system, or SIEM, which actively monitors every end-point in the company, looking for any type of suspicious activity. Without a SIEM in place, companies have to do this manually, an extraordinary amount of work that leaves organizations open to cyber security risk.
- Authenticated Pen-Testing for SaaS Platforms: There is probably no better test of platform security than authenticated penetration testing, or “pen-tests,” in which the software provider opens-up its SaaS-based application for a client’s IT personnel to take their best whacks in attempting to uncover security flaws. This compares to an unauthenticated pen-test, which is conducted outside of the platform and is not as rigorous or efficient in security screening. An authenticated pen-test requires full cooperation between the vendor and the prospect or client to complete, and is deep sign of the vendor’s security commitment.
- SOC I and SOC 2 Type II Certification: These certifications are key in assuring that a vendor’s security practices are up to standard. SOC 1 is a statement of operational controls, which sets out the internal controls, processes and procedures that FinTech companies abide to when handling data. SOC 2 Type II is a report by a third-party auditor that has audited the vendor’s performance against those controls, on the basis of the evidence provided. A SOC 2 Type II certification means that a vendor has proven that its system is designed to keep its clients’ sensitive data secure. This latter type of certification is expensive and time-consuming and is hard proof that a vendor takes security extremely seriously.
There were more than 1,000 global FinTech companies, according to a 2016 report by Atherton Research. That number has likely grown significantly, fueled by new business models and increasing trust in cloud-based vendors to deliver secure, scalable global applications.
“There are, of course, other security factors to consider from a buyer perspective, but if a vendor is not doing these basic things, the maturity level simply isn’t there, and certainly is not on par with Kyriba,” Biasevich said. “These three items are a good security sniff test for any vendor.”
Related Resources
-
Identifying the ROI in a Treasury Transformation ProjectHow do you truly identify the total value of implementing a treasury management system (TMS)? While some aspects of a treasury transformation project may seem black and white, other value components are difficult to...Read more -
10 Things You Need to Know about APIs for TreasuryAPIs continue to be one of the most talked about technologies, as finance leaders look to make their treasury and payments operations more real-time and responsive to market volatility. APIs are critical to the...Read more -
Navigating in High-Interest Rate Environment Infographic: A Step-by-Step CFO GuideNavigating in High-Interest Rate Environment: A Step-by-Step CFO Guide Download the InfographicRead more
Related Resources
-
Episode 15: Assessing Risk Through Data-Driven InsightsThis episode features an interview with Danielle Murcray, CFO at AttackIQ talking to The Invisible Vault host Daniel Shaffer, Senior Manager, Global Digital Communications & Public Relations at Kyriba. Danielle addresses building relationships with CEOs, tackling cybersecurity and fraud, as well as assessing and managing risk as a CFO in a pandemic world.Listen to the Podcast -
Safeguarding Corporate Treasury Against Fraud and Cyber RisksThe Treasury Strategies' Treasury Technology Quarterly Briefing webinar will be on protecting against fraud and cyber risks. The panel of security experts from Bank of America and Kyriba will discuss what you should focus...View Recording -
Kyriba Extended SecurityWith fraud and cyberattacks increasing in both frequency and sophistication, it is important to partner with Kyriba to secure your most important data.Read the fact sheet