Loan Management Software: What You Need to Know About Safety, Security & Salesforce
Trust has always been at the forefront of the financial services industry. In today’s global and technologically advanced world — especially with the growing sophistication of cybercrime — how we collect, protect, manage, store, and share consumer data has perhaps never been more important.
The very nature of the industry — its reliance on highly sensitive and identifying information — the financial services sector is among the most at-risk for security breaches. As a lender, it’s critical that you establish a safe and secure environment in which you do business. Today, that starts with a secure online lending management solution.
Perhaps the Salesforce Security Guide says it best: “[Our] security features enable you to empower your users do their jobs safely and efficiently.” In this post we’ll talk about some of those out-of-the-box security features and share how we can help you enhance them for your specific business goals and unique client needs.
Multi-factor Authentication: A Security Best Practice
To safeguard your company and individual users from account takeovers and phishing attacks — and to set a good example for digital citizenship — IvyTek Finance strongly recommends embracing multi-factor authentication as an internal best practice for your staff members and activating it as the default setting within your borrower portal.
Multi-factor authentication (MFA) is something you likely encounter weekly (if not daily!) as you go about your everyday online activities. For example, maybe you’re trying to check your email from a computer in a hotel business center. The email provider doesn’t recognize this device as being associated with your login details. So, to prove it’s really you, it will automatically send a one-time code or security key to you by text or email. This extra step — a piece of information beyond a username and password — is the concept behind multi-factor authentication, and it’s a crucial security feature for a lending management program.
By highlighting that multi-factor authentication is built into your borrower portal, you also send a message of trust to your prospects, applicants, and customers.
Roles & Permissions: Who Sees What in Salesforce?
“Who sees what?” That’s one of the most common questions we hear when discussing not only our security features, but the loan management system as a whole.
In the lending industry, it goes without saying that we deal with confidential and sensitive information. Salesforce Cloud offers ultimate flexibility with its levels of visibility and sharing models. This means you can give team members access to only the data and tools they need for their day-to-day work — and your applicants and borrowers will have peace of mind knowing their information is safe.
The IvyTek Finance team can work with your Salesforce administrator(s) and other staff members to help you explore and understand all of your options and even help you develop a sharing structure that fits your organization. This might involve creating different roles and profiles, each of which can be given the ability to complete specific tasks.
Salesforce offers a robust series of “Who Sees What” videos. We encourage you to peruse these brief videos to learn more about viewing permissions such as at the organization-, profile-, record-, object-, and field-level.
Custom Security Settings for Loan Management Software
IvyTek Finance, with its built-in Salesforce security features, gives you the ability to drill down even deeper to customize roles and settings based on your needs. For example, you’ll find many options related to multi-factor authentication (MFA), such as enabling it for all users or only for certain log-in types or specific scenarios. Additionally, Salesforce is compatible with many third-party MFA tools.
Some other areas where you can customize security settings include:
- Set password requirements to ensure that users’ credentials are strong and secure
- Set password expirations (to encourage users to change their log in details)
- Set a limit of how many log-in attempts before an account locks
- Control how long before an inactive session expires
- Create a login flow based on the user’s needs, such as their place in the customer journey
- Restrict when and where users can log in from (such as limiting hours or IP addresses)
- Configure certain actions/areas (such as reports and dashboards) to require a high assurance session
Other Built-in Security Features: Salesforce and IvyTek Finance
Salesforce includes several out-of-the-box and add-on tools to help you diagnose or mitigate security risks:
Security Health Check
This one-page dashboard gives administrators a high-level overview of your organization’s security health. From here, you can identify vulnerabilities and fix potential problems — before they become an issue.
Security Monitoring & Auditing
Track all login activity, setup changes, and field edit history. Additionally, you can monitor events in real time, such as who is logged in and from where. On the auditing side, you can also perform tests and access information to help diagnose or mitigate security risks.
Salesforce Shield
Available as an add-on service, Salesforce Shield is a trio of security resources, including
Shield Platform Encryption, which adds an enhanced layer of protection to your company and customer data. Shield also includes Event Monitoring and Field Audit Trail.
Keep Your Lending Platform Safe and Secure with IvyTek Finance
With IvyTek Finance, backed by the power of the Salesforce Cloud, you can activate and customize security settings for everyone using your loan management software, whether they’re an internal user, prospective borrower, or returning customer. Contact us for a 10-minute demo today >
Further Reading on Security Settings in Salesforce:
- View or download the Salesforce Security Guide (it’s available on the web, as well as a PDF)
- If you’re an IvyTek Finance/Salesforce user, you can also always access helpful security-related guides and tutorials within your Trailhead account, including “Choose the Right Salesforce Security Settings.”
About Us
IvyTek, Inc. is a family-owned and operated company that produces custom software. The Griggs family has been in the software development business for over 25 years, spanning three generations.