Security in a fintech company is an important and difficult task. How do you build enough guardrails without impacting innovation?
Recently, Yieldstreet has undertaken two measures (the SOC2 and ISO27001 reports) that reflect how well we’re performing our security, privacy, confidentiality, availability, and processing integrity controls over a given period. We thought to do it early and build a strong security foundation as we build our teams and services. That way, we already have the framework in place that is prescriptive but can be improved upon as we grow as a business – the snapshot today isn’t how we’ll look a year from now. We started a security initiative to get these reports in 2019, and in March 2021 Yieldstreet received its SOC 2 Type 1 certification for availability, confidentiality, and security without noted exceptions.
In 2021, there have been several high profile hacks on critical infrastructure and international organizations. One of the most notable occurred through a platform called Kaseya. We do not use Kaseya products, so we were not impacted by this breach. However, we wanted our security team to offer a breakdown (though incomplete) of some of the various security controls we do have in place to protect us and our investor/borrower data:
We have many more protections planned and are constantly evolving our security posture against the evolving threat landscape. Just as we think about liquidity for our investors, we think about security among the risks we face.
What's Yieldstreet?
Yieldstreet provides access to alternative investments previously reserved only for institutions and the ultra-wealthy. Our mission is to help millions of people generate $3 billion of income outside the traditional public markets by 2025. We are committed to making financial products more inclusive by creating a modern investment portfolio.