What fintech companies need to know about the convergence of cybersecurity and data privacy
This article was first published by Benzinga.
As the world continues to digitize rapidly, and more and more issues around cybersecurity and data privacy come to the forefront, it’s no longer feasible to keep conversations around the two separate.
Cyberattacks tend to be eye-catching and make flashy headlines. However, privacy violations and data compromises that accompany such intrusions are not as widely reported. Part of the reason is that most people don’t understand the importance of data privacy and how it’s tied to cybersecurity.
It’s time to take a different approach to understanding how both cybersecurity and data privacy are interlinked.
Fintech companies and financial institutions benefit from a partial exemption under state-level privacy laws (in accordance with their compliance with requirements such as the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and Privacy Rule). Nonetheless, these companies and institutions hold critical consumer data and must therefore make an effort to understand the direct impacts their data practices have – for better or worse.
Numerous institutions, such as the Federal Trade Commission (FTC), Consumer Financial Protection Bureau (CFPB), and Securities and Exchange Commission (SEC), are now starting to crack down on weak practices. Increasingly, laws and regulations are being introduced that no longer give companies a pass on poor cybersecurity and privacy practices. Companies that aren’t implementing sound measures to protect their users’ privacy are met with fines and disciplinary actions.
Part of the problem is that fintechs today don’t always have the best grasp of what critical data exists within their ecosystem and what they should be doing to protect it. As financial institutions become increasingly digitized, it’s becoming harder to conceptualize and track the large quantities of information constantly flowing through systems.
“Once a business has an understanding of its data ecosystem, it can start measuring the necessary privacy and the adequacy of its security around that data,” said Bhavesh Vadhani, global leader of cybersecurity, technology risk and privacy for the advisory, assurance and tax firm CohnReznick. “Historically, companies have addressed the latter without truly understanding the former.”
As soon as data resides on enterprise systems, a connection between data privacy and cybersecurity is established. The business is now accountable for designing cybersecurity controls and programs that protect personal information from theft, unauthorized access, and damage.
In the coming years, an increased emphasis will be put on privacy and security maturity as a business differentiator – not just a cost center. In the meantime, businesses need to understand that the boundaries of data protection extend beyond internal systems to their third-party service providers. Companies remain responsible for ensuring that their partners are also meeting requirements around privacy and security.
Another critical step is for businesses to take stock of their commercial solutions’ security posture, ensuring that products in the market – from code and application program interfaces to full-stack applications – have up-to-date security and privacy patches. If products aren’t equipped with the utmost protection, is it really worth the risk of taking them to market?
Finally, fintechs must remember that anyone in the organization can be a point of entry for possible breaches like phishing, smishing, and vishing. Consider your employees the first line of defense against data compromises, and ensure they are both vigilant and well-equipped.
“Consumers are more informed than ever and want to know how their information is used,” said Asael Meir, CPA, CohnReznick’s technology industry leader. “It is no longer optional to build a trusted relationship with your consumers.”
At the end of the day, a unified information security and data privacy program will be a business decision that weighs the cost of collecting and using personal data against the advantages.