Introducing Advanced Security Upgrades to Further Protect Your Organization and Your Data

We’re introducing three enhanced security features to help your organization better defend against emerging threats in an era of increasing cybercrime.

From AI phishing to malicious insiders, the security challenges facing financial institutions have never been greater. Organizations are not only contending with how they’ll continue to safeguard sensitive customer and company data. They’re also dealing with intensifying regulatory scrutiny around cybersecurity standards and controls.

At Hummingbird, providing enterprise data security for our customers has always been at the forefront. This month, we’re releasing a trio of security upgrades – IP filtering, custom session durations and timeouts, and a new set of permissions – to enable our customers to further strengthen access management across the platform.

These upgrades enhance Hummingbird’s comprehensive security program, providing organizations with more control and added protection.

Restrict Hummingbird access to specific IP addresses

Want to ensure users can only access your Hummingbird organization from approved networks? Now you can with IP filtering. With this update, you can restrict access to specific IP addresses or ranges. This means that even if an employee’s login credentials are compromised, unauthorized users won’t be able to access the app if their attempts aren’t originating from an approved network.

Set custom session durations and timeouts to limit how long users stay logged in

We've made session durations and timeouts more configurable, giving you more control over how long users remain authenticated. You can now determine what the right balance is between reducing disruptions to your users and limiting the risk of unintended access, based on your internal security requirements. Starting today, you can configure:

• Maximum session duration: Specify the maximum amount of time that users can stay logged in before they need to reauthenticate (e.g., every 8 hours).
  
  
• Inactivity timeouts: Decide when users should be automatically logged out after a specified period of inactivity (e.g., after 15 or 30 minutes). 

Get more control over what users can see and do, with new permissions

We're continually making our role-based access control (RBAC) more flexible and more powerful, so it works exactly the way your organization needs. Our latest update brings two new permissions to give you more control over who can see and do what.

• Restrict the ability to view unassigned cases: You can now prevent users from seeing cases that haven’t been assigned yet. This means users can only see cases that they’re directly assigned to, limiting their access to only what’s relevant to their work.
  
  
• Allow users to view, but not download, case files: Whether it’s a criminal report or identity documents, reviewing various files is an essential step in most cases. Now you can allow users to view files directly within Hummingbird while restricting the ability to download those files, helping prevent unauthorized distribution. 

Plus, many more security features to keep your data safe

In addition to our new enhancements, Hummingbird offers many more features to keep your organization and your data secure. These security controls include:

• Support for SSO and SCIM: Hummingbird offers multiple secure login options, such as Single Sign-On (SSO), to enforce access policies through your existing identity provider. Hummingbird also offers support for SCIM to automatically provision, deprovision, and manage role-based access for your user accounts.  This helps ensure access is limited to the right people, with the right privileges, in addition to simplifying your user management process.
  
  
• Support for MFA: Hummingbird supports multi-factor authentication (MFA), allowing you to require a second layer of verification during login. By enforcing MFA, you add an extra barrier against unauthorized access, ensuring that even if a user’s primary credentials (like a password) are compromised, attackers still can’t gain entry without the second factor.
  
  
• Access and activity logs: Our access and activity logs capture detailed records of key events, including logins, data exports, and other changes made, allowing you to monitor and audit user actions and investigate anomalous behavior. This data is also available via our History API.
  
  
• Malware scanning: Hummingbird automatically scans all files for malware, helping reduce the risk of users downloading malicious files. If malware is detected, the file is disabled for download, and a warning appears next to the file name.

Learn more about Hummingbird

Hummingbird enables risk and compliance teams to streamline their operations. Designed to support all kinds of work, from customer due diligence reviews to AML and fraud investigations, Hummingbird automates routine processes and tasks, while empowering analysts to work smarter and faster.

Ready to see what Hummingbird could do for your organization? Schedule your demo today! You'll learn why leading financial institutions and fintechs, including Raymond James, Stripe, Affirm, Etsy, and DraftKings, trust Hummingbird to make their investigations 10x more efficient and effective.

If you are a current customer, learn more by signing in to Hummingbird and visiting our help center or reaching out to our team at support@hummingbird.co.