Today, there is more public interest in the activities of the financial industry than ever before. Data protection is essential to prevent cyberattacks that can lead to data breaches, financial losses, and reputational damage. The banking and financial industries must invest in robust data security measures: employee training, access controls, encryption, and regular assessments are essential to any effective strategy.

Last November, the business management software "Winbiz", was the victim of a virulent cyberattack leading to the temporary shutdown of the software. The software host was storing sensitive information.

The software used by organizations represents a significant risk. Today, cloud platforms are considered as irreplaceable allies of administrative professions: they help us manage human resources, track projects, share files and content, build a customer history, etc. However, each more sensitive than the last, this data must be subject to strict and robust measures to prevent cyber threats and to comply with regulatory requirements.

The advent of telecommuting in recent years reinforces the importance of data protection through the software employees use. Thus, the choice of software must be documented for a secure integration. The criteria to be taken into account during the selection are the following:

Data hosting

Data storage location:

Some companies are surprised to learn that their data is stored in a third country. SaaS provider is free to host their data in any country they choose, regardless of where their headquarters are located. Knowing the hosting country is crucial to ensure that the country in question has strong, strict and transparent legal and political stability.

If the data is stored in a trustworthy country, ensuring that the provider does not practice "temporary data transfer" is also relevant. This phenomenon, more frequently used by global IT providers, implies that the data passes through foreign servers before being stored in Switzerland. It is, therefore, essential to verify that this transfer is legal and complies with GDPR standards.

Reliability of the hosting provider:

Certifications standardize the information security of web hosts. Among them, the most recognized certification is ISO/IEC 27001.

Data protection certification

Companies that outsource their critical systems and processes need to ensure that vendors have strict, independent controls over data management. One such independent certification is SOC 2, issued by the American Institute of Certified Public Accountants (AICPA) and used by organizations in the software-as-a-service (SaaS) industry. It assures customers that the organization has designed and implemented adequate controls for security, availability, processing integrity, confidentiality, and privacy. This standard has existed in the United States for many years and has a worldwide equivalent in ISO 270001.

Switzerland is considered to be behind the US and the rest of Europe concerning SOC 2 reporting. The first significant moves towards certification were made by large companies subject to strict regulations, such as the financial sector. These companies require their service providers to comply with the SOC 2 standard and provide an annual report to meet internal and external requirements. *1

Authentication and account access

Software of any kind is a critical source of information for an organization. Thus, access to the tool must be secure, so it is recommended to inquire about the availability of the following features:

• Availability of two-factor authentication
• Availability of SAML authentication, if relevant for the customer
• Possibility of managing rights in a personalized way within the tool, in order to only give access to information to the persons concerned.

Encryption

If a company uses a web application, it must ensure that the app in question uses an HTTPS connection secured by SSL certificates to prevent espionage on the web and email correspondence. In addition to encryption in transit, data encryption at rest prevents a situation like the one experienced by WinBiz and its customers.

WEDO: the secure solution for collaboration in the financial sector

Sensitive topics and privacy policies are at the heart of employees' daily tasks in the financial industry. From task management to the content of all kinds of meetings, such as team meetings, bilateral talks, customer/insurer meetings, and board meetings, the traceability of discussions is as crucial as their discretion.

The WEDO SaaS software, developed and hosted in Switzerland, is a collaborative platform designed to address security challenges in sensitive sectors. Thanks to its task manager and its customizable meeting module, the platform makes it possible to share files and centralize the information necessary for team collaboration while giving the possibility to configure the access rights of each user.

They trusted WEDO to manage their internal collaboration: