Hi Team,
As part of our ongoing commitment to protecting customer data and maintaining compliance, the Security Team has reviewed our current loan application processing workflow. We recommend the following actions to strengthen our security posture:
  1. Verify that all form submissions and uploads use HTTPS.
  2. Minimize data exposure by disabling entry storage in Gravity Forms.
  3. Enforce Multi-Factor Authentication (MFA), Single Sign-On (SSO), and strong passwords for all accounts accessing WordPress, Salesforce, and Power BI.
  4. Lock down access to the WordPress backend, including hiding the login page from the public default path.
  5. Secure database access by using least-privilege accounts, secrets management, and encrypted backups, and by performing regular restore tests.
  6. Harden Salesforce by implementing strong authentication, field-level security, encryption, and malware scanning for uploaded files.
  7. Automate deletion of old data to ensure we meet our 1-month retention policy.
Implementing these recommendations will help us reduce risk, protect sensitive information, and support our compliance obligations.
If you have any questions or need assistance with these actions, please reach out to the Security Team.
Thank you,
Security