Securing A Fintech Organization

Security in a fintech company is an important and difficult task. How do you build enough guardrails without impacting innovation?

Recently, Yieldstreet has undertaken two measures (the SOC 2 and ISO 27001 reports) that reflect how well we’re performing our security, privacy, confidentiality, availability, and processing integrity controls over a given period. We decided to do this early and build a strong security foundation as we build our teams and services. That way, we already have a framework in place that is prescriptive but can be improved upon as we grow as a business – the snapshot today isn’t how we’ll look a year from now. We started a security initiative to get these reports in 2019, and in March 2021 Yieldstreet received its SOC 2 Type 1 certification for availability, confidentiality, and security without noted exceptions.

In 2021, there have been several high-profile hacks on critical infrastructure and international organizations. One of the most notable occurred through a platform called Kaseya. We do not use Kaseya products, so we were not impacted by this breach. However, we wanted our security team to offer a breakdown (though incomplete) of some of the security controls we have in place to protect us and our investor/borrower data:

  • We conduct annual third-party penetration tests on Yieldstreet.com’s infrastructure and application. The most recent one was conducted in March 2021, and the results yielded no “critical” security vulnerabilities and two vulnerabilities classified as “high”. The high vulnerabilities were something we already knew about and had a plan for tackling.
  • Each server and employee workstation in the environment is protected with next-generation anti-virus solutions that give us full visibility into malicious behavior at the origin and throughout the system processes.
  • We have deployed Cloudflare to protect our application at the edge, and have mitigations against common web attacks and bad bots.
  • We have deployed a risk-based authentication platform to prevent investor account takeover.
  • Yieldstreet deploys data loss prevention tooling across each workstation, messaging applications, and SaaS products. This allows us to track the flow of company-confidential and personally identifiable information and keep it safe from exfiltration.
  • We monitor our ability to resist phishing through routine phishing exercises. We are doing well, and we can and will do better in the coming months as more training becomes available.
  • Our code undergoes static code analysis to ensure that we are coding securely and to alert us when we aren’t.

We have many more protections planned and are constantly evolving our security posture against the evolving threat landscape. Just as we think about liquidity for our investors, we think about security among the risks we face.
