
4 Security Tips for Financial Tech Companies

Julie Kuhrt

Tips for Financial Tech Companies

A few weeks ago, financial giant JP Morgan revealed a security breach that affected over 76 million businesses and individuals across the US. Because of the valuable assets and financial information that the company holds, it was a natural target for hackers. These hackers spent weeks rooting through 90+ servers, gaining access to the PII of its customers, and accessing the technological blueprints containing a full list of applications in use by the company.

Given the mounting number of security breaches this year and the growth in the financial technology sector, US Treasury Secretary Jacob Lew and many others have named malicious online attacks as a growing threat to the financial industry. Though this news may seem intimidating, even to the big companies with the largest security budgets, here are a few security tips for financial services sites and financial tech businesses:

1. Limit access to vital data and assets

Reduce the attack surface and human factor. By giving access to only those who need it inside of an organization, companies can vastly improve the security of important assets and resources.

2. Encrypt your data… ALL of it

Whether it is dynamic or at rest, encrypt everything that goes between your servers, web clients, and end users. Strong, site-wide HTTPS/TLS is the best way to mitigate man-in-the-middle (MITM) attacks, which can tamper with data transferred between servers and users.
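"Site-wide" is where deployments usually fall short, so the following added example (not from the original article) audits recorded HTTP responses for the gaps that leave room for a MITM: pages still served over plain HTTP, missing HSTS, session cookies without `Secure`, and mixed content. The hostnames, the sample responses and the 180-day HSTS threshold are constructed assumptions.

```python
import re

# Constructed sample: what a crawler might record for four URLs of one site.
# Each entry: requested URL -> (status, response headers, HTML body).
SAMPLE_RESPONSES = {
    "http://bank.example/": (301, {"Location": "https://bank.example/"}, ""),
    "http://bank.example/rates": (200, {}, "<p>Rates</p>"),
    "https://bank.example/": (
        200,
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
         "Set-Cookie": "session=abc123; HttpOnly; Secure"},
        '<script src="https://bank.example/app.js"></script>',
    ),
    "https://bank.example/login": (
        200,
        {"Set-Cookie": "session=abc123; HttpOnly"},
        '<script src="http://cdn.example/widget.js"></script>',
    ),
}

MIN_HSTS_AGE = 15552000  # assumed policy threshold: 180 days, in seconds


def audit(responses):
    """Return sorted (url, finding) pairs for gaps in site-wide HTTPS."""
    findings = []
    for url, (status, headers, body) in responses.items():
        h = {k.lower(): v for k, v in headers.items()}
        if url.startswith("http://"):
            # Plain HTTP should do nothing except redirect to HTTPS.
            target = h.get("location", "")
            if not (300 <= status < 400 and target.startswith("https://")):
                findings.append((url, "served over plain HTTP"))
            continue
        hsts = h.get("strict-transport-security", "")
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append((url, "missing or short HSTS"))
        # Simplification: one Set-Cookie header per response.
        attrs = [p.strip().lower() for p in h.get("set-cookie", "").split(";")]
        if attrs != [""] and "secure" not in attrs:
            findings.append((url, "cookie without Secure"))
        # Subresources (src=) fetched over http:// can be altered in transit.
        if re.search(r"""src=["']http://""", body, re.I):
            findings.append((url, "mixed content"))
    return sorted(findings)
```

On the sample data the login page is the weak point: it is reachable over HTTPS, yet a downgrade or injected script is still possible because of the three gaps the audit reports for it.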

3. Put strong security policies in place for your employees

When large amounts of money are potentially at stake, attackers are willing to play a long game that combines social engineering and brute-force attacks to compromise web application security. Wherever possible, companies should create policies that mandate strong, unique, and random passwords, activate 2-factor authentication, and set up proactive physical security rules that can decommission a device if it is lost or stolen.

4. Engage in testing outside of the scope of security and compliance audits

Though PCI and finance regulations mandate certain protections for web applications, environments that are in constant development are potentially creating vulnerabilities in each code push. Setting up a bug bounty program with skilled security researchers who subject a web app to a diverse set of tests is one cost-effective way to find security issues outside of the scope of a regular audit.

These tips may not be able to stop the most dedicated hackers; however, they are a solid starting place for securing financial information. Set up a demo today to see how Cobalt’s security platform can help secure your company’s web applications.
