At ZestMoney, we pride ourselves on our innovative workforce, and our technology is the backbone of our company. Given our rapid growth and our position as a fintech company, we take our responsibility to secure our customer data and to protect our employees from malicious actors very seriously. Historically, security has been the enemy of innovation, as restrictive rules are imposed on employees, preventing them from embracing the latest technology. We've adopted a cutting-edge security strategy that places our employees at the center of our cybersecurity and relies on technology to keep us safe. This blog documents our efforts to create a best-in-class security program.
Our overall cybersecurity framework: Defense in depth
In the modern day, it is incumbent on us as a service provider to make sure that our key assets are well protected. At ZestMoney, we have invested in multiple types of cybersecurity, including features offered by platform vendors like Google, Amazon, and Sophos. We also engage with our partners, contractors, and customer support personnel to make sure that their security technology is up and running. We also use best practices in framing our security policies so that they do their work in a noninvasive way and our employees are free to do their jobs.
Along with technology, it's critical that we define the right processes, from how customer service responds to specific types of customer requests to the apps that our employees use for productivity-related tasks to how we respond to employee requests for new tools. A key takeaway for us is that processes must be agile and flexible enough for employees to adopt new tools, and that security-related approvals should not limit innovation. To ensure that security does not constrain innovation, it is important that processes take advantage of the other two elements of our security strategy: technology and people.
Our People: Democratizing Security
However, a key part of this blog is the work we have done in partnership with SecurityAdvisor in fortifying our people as part of the #SecureZest initiative at ZestMoney. Our people are our firewall and our people are our first responders too.
Our humans as our firewall with Just in time personalized coaching:
The nature of threats continues to fundamentally change. Even a few years back, phishing accounted for 90% of incoming threats. Today, the mixture of threats continues to evolve, with email remaining a major threat vector, but threats from the cloud, online activity, and new forms of collaboration (for example, Slack or Microsoft Teams) are rapidly rising. Today's employee uses hundreds of apps. Malicious actors can use several of them to steal data.
To protect our employees from these threats, we use a cutting-edge system to determine their risk profile; not all of our employees are susceptible to the same threats. For each of our employees, we run a personalized awareness campaign. We do this in bite-sized chunks so that employees can focus on what is important: innovation!
The key to an effective awareness program is engaging content and delivering this content to the right users at the right time (just-in-time personalized content!).
Our humans as our first responders:
We can also use our humans to report phishing emails, turn on 2-FA, use rights management tools, and overall drive security by preventing and reporting incidents. The awareness program (delivered as 5 min modules and sometimes even as 30-sec capsules) is intended to democratize security by making our humans the first responders. This is a disruptive new construct in security, as it is not just the SOC that responds to security incidents but also our employees, who are now our eyes and ears on the ground.
As a fintech company, we believe in measuring ROI even for security. The charts below illustrate how empowering and mentoring workers, as well as an improved security posture, have substantially reduced identified events. These are counts of incidents detected, and by concentrating on the root cause of infections and eradicating them entirely, we have reduced our company's attack surface area. The price of security, at the end of the day, is consistent surveillance!