Even has recently completed its SOC 2 Type II certification. In light of this new benchmark, it’s important to understand our information security protocol as a whole — what the biggest risks are and how we protect against them.
Throughout my career in the field of information security, I’ve worked at companies both large and small. With that, I’ve encountered many different philosophies on handling security, as far as the resources put in place, the speed at which controls are implemented, and how risk is categorically assessed.
Coming from the world of big banks and into the fintech space in particular, I experienced a real cultural shift, as one would expect. While they may operate in different ways, the goal of security at all companies remains the same: to protect the confidentiality, integrity, and availability of data. And not just of our organizations, but of our consumers as well. To do so, everyone needs to buy in, and that starts at the top. However, it wasn’t always seen that way.
I had the pleasure of witnessing firsthand how the CISO (Chief Information Security Officer) role came to be. It was back in the mid-1990s, when a big bank was hit by hackers. Customers began pulling their money out, because they didn’t trust that the bank could protect their assets. It wasn’t until an information security executive joined the bank and became the first-ever CISO that risk was properly assessed and mitigated. By elevating security to the C-suite, it finally had a seat at the table and was able to evolve from a responsive support function to a strategic imperative.
When I joined Even Financial, I found myself surrounded by a team of talented colleagues who were constantly collaborating with each other across departments. There was also a commitment to security, which is not always common at fintech startups where people with technical backgrounds can be found at every level.
At many fintechs, the goal is to get projects off the ground and solutions up and running as quickly as possible. Conversely, no matter how many innovative products we are working on at Even, integrating the highest standard of security controls behind them is always paramount.
One of our main areas of emphasis, by the very nature of what we do at Even, is protecting private data, whether it's for our partners or end users. To this end, we have recently achieved SOC 2 Type II compliance, certifying our ability to implement and execute security protocols at the highest industry standard. In addition to that, we are constantly working on new ways to protect our organization and every third party involved with our business.
Going forward, in light of how the pandemic changed the work model for Even and every company that was forced into remote settings, we know there is a lot of work to be done as far as securing our expanding perimeter. It’s no longer just the office, but anywhere in the world where remote employees are located, which in turn increases the attack surface. Along with an uptick in more sophisticated attacks, we have to be more vigilant than ever.
That’s where having a seat at the table becomes crucial. Through my role, and in collaboration with the rest of the executive team, we are committed to remediating risk wherever possible. For me, that means educating my colleagues about different security concerns and protocols, and doing so in a way that is as easy to understand and implement as possible.
Thankfully, with the team we have in place, my job is made all the easier by people who willingly engage in these discussions, no matter if it’s an executive-level employee, a member of the product team, or anyone else with an ear for knowledge. Security starts at the top at Even, but it doesn’t end there.