Cybersecurity & Privacy for CDFIs
ZenPrivata is the preferred security and privacy provider for CDFIs. We’ve worked with both CDFI associations and individual CDFIs and know the unique needs that CDFIs have.
Risks
- CDFIs face a surprising number of attempts from attackers to imitate an executive, pushing a financial officer to send CDFI funds to the attacker’s bank account
- CDFIs hold sensitive personal information and that their reputation would be damaged if that sensitive information were exfiltrated.
Limitations
- CDFIs also often have limited financial resources available for cybersecurity and privacy.
- CDFIs typically have limited personnel hours available, making it difficult to implement complicated security controls.
Needs
- CDFIs need controls that reduce the risk of financial attacks and protect customers' sensitive information.
- CDFIs typically need security and privacy controls that are simpler to implement and provide the most impact for the smallest cost.
CDFI Security & Privacy Framework
ZenPrivata was commissioned by the African American Alliance of CDFI CEOs to develop a security and privacy framework for Community Development Financial Institutions (CDFI) as part of their Women-Led Initiative Technology Enhancement Project (WLITEP).
The CDFI Security and Privacy Framework (CDFI-SPF) was created specifically with the needs and abilities of CDFIs in mind. We met with CDFIs and learned what dangers they face, what risks would be most harmful to CDFIs, what systems CDFIs use and what their attack surface looked like, and what controls CDFIs typically already had in place.
CDFI’s can use the Framework, free of charge, to determine which cybersecurity and privacy controls they should implement and to track their progress.
.