The protection of its users' data is an absolute priority for Greenly, elected Fintech of the Year 2020, which supports individuals and businesses in their low-carbon initiatives. With Qontrol, Greenly guarantees optimal security to its customers and displays it.
What are Greenly's cybersecurity needs?
Alexis Normand (CEO Greenly) :
Protecting our users' data is a top priority for Greenly. We want everyone to be able to track their carbon footprint more easily, not just big businesses. This meant inventing a way to automate measurement in order to focus on playing and rewarding good behavior.
The magic of the Greenly application is to offer a technology that allows you to synchronize your bank accounts to analyze each expense, categorize them according to its nature, to deduce the emissions, the kg of CO2 avoided, and to suggest alternatives.
For such a process to be possible, we must first reassure our users about data protection, about our compliance with the RGPD. This involves controls, a good knowledge of the law, but also an external audit that makes it possible to implement best practices, and finally, it is necessary to make it known.
Across all of these dimensions, Qontrol has helped us make a big leap forward. As a result, we obtain much better engagement rates from our individual and business customers.
In concrete terms, what was the point of working with Qontrol?
Alexis Normand: Very concretely, our corporate customers ask us all the time what control we have put in place. Because we use a third party who audits our processes, they no longer need to take our word for it. We can show a report that details very concretely the controls put in place.
On the other hand, the way Qontrol collects data from employees is also an excellent opportunity to train them in these topics, and to strengthen the organization on an essential subject.
I am thinking of several carbon footprint contracts, for example with Payfit, that we won thanks to the fact that we were able to prove ourselves quickly.
Since The Unknowns, we know how to tell a good hunter from a bad hunter.
But how do you distinguish good cybersecurity from bad cybersecurity?
Michael Monerau (CEO Qontrol) :
Good cybersecurity can be proved to its users and business partners. They are delighted with it, they only ask for that to be confident in a new service or a new product.
Bad cybersecurity is one that is based on voodoo concepts such as “it's okay, we're not interested in anyone”, “normally, I don't think it's scary” or “Well, now I'm putting MyName@! as my password everywhere, but I will change in 1 week.” Cybercrime is now an industry that has been organized and professionalized to steal and extort money from as many businesses as possible. It is illusory to believe that you can get through your nets without being organized yourself.
What effort does it take to implement good cybersecurity?
Michael Monerau: The effort required for good basic cybersecurity hygiene is greatly overestimated. To protect yourself from 90% of attacks, which are automated and robotic scams, it's not rocket science.
You have to be organized and patient to do it properly. It is a question of choosing a cocktail of technical measures (antivirus, password and access management, double authentication, etc.) and human measures (awareness, basic training for everyone, robust business processes) and then deploying them at a pace compatible with the teams.
The sooner the issue is addressed in the life of the structure, the lighter the efforts are because they are naturally integrated into its development. This is the case of Greenly where this subject has been dealt with since the very beginning of the startup.
Alexis Normand: Absolutely, Qontrol has been able to set up a data collection process that is very adapted to the needs of a startup like ours, without losing quality in terms of strengthening our cyber policy.
How does the Qontrol platform support Greenly with its cybersecurity?
Michael Monerau : Greenly is a case study of best practices in cybersecurity.
First excellent practice: Greenly has direct and proactive governance when it comes to information security. The subject is proactively addressed by CEOs & CTOs, which guarantees perfect alignment with business needs and technology.
Second very good practice: information security issues are integrated from the design of the product and the organization of the team. This ensures that cyber resilience is part of the DNA of all business processes in the company.
The Qontrol platform is the team's right-hand man on a daily basis, playing the role of its CISO (Chief Information Security Officer). Thus, everyone within Greenly knows their role in guaranteeing the useful level of security and carrying out continuous improvement projects useful for the development of the startup.
Finally, Qontrol allows all Greenly users, personal and professional alike, to be reassured about the care taken in protecting the data entrusted to Greenly.