Here, we are focused on investor portal security; but outside of there’s a lot of mist, miasma and misdirection … and dire reports sound through the fog, portending a brewing storm.

It isn’t enough we have a cesspool of tainted players. Getting real, that’s what we have here regarding security these days. Companies are out there trying to persuade you that their software for investor portals is secure, while they know it isn’t. We’ve seen the dangers firsthand: urgent HDDs being couriered by people you wouldn’t trust walking your dog; unencrypted databases being passed around by smooth backbenchers, talking about your investors and comparing you to your competition, selling you and/or your data downstream, if given a dollar; and logins so insecure a child could guess them or an algorithm capture them.

OK, some of this may be inevitable, you say, but there are alternatives. You can take precautions and prevent the encroachment of managerial mediocrity and financial duplicity by enforcing rules and setting up sentries to protect your data, guard your investors, and secure your competitive advantage.

Which is what securing the fort really is: safeguarding your competitive advantage. What else is there to protect?

Over here in we don’t have these worries. We sleep soundly at night, knowing we aren’t going to wake up with a data breach that’s a Sword of Damocles over our next day, corrosively communicated with a crazy email thread from a client about investor portal security, which is, really, their top insecurity.

To secure the fort, you first need end-to-end encryption. Period. If the portal provider you’re using doesn’t provide this (looking at you Intralinks, Investment Cafe, Investran, and others of that ilk), walk away and talk to us. This is basic 101 stuff these days, and for some reason the fintech space still doesn’t get it, maybe because the prevailing mindset is that money grows on trees. They think they know you, that you’ll just keep watering their tree by paying more, and most of you do.

After you get encryption settled, then it’s time to talk to us about DNSSEC and HSTS. I’m guessing you took a moment to google those. Let me tell you that your account rep at your current investor portal provider will have no idea what you’re talking about, once you bring it up. <sigh>

So, let’s start with an honest discussion about security, real investor portal security, and go from there. Secure your investors’ data, your competitive advantage… and your sanity.

Online Painting: Nicholas Roerich, “Saint Sophia the Almighty Wisdom,” 1932

