Mon, 21 Jun 2021 Today's Paper

Cybersecurity best practices for CFOs

23 March 2017 12:00 am - 0     - {{hitsCtrl.values.hits}}

A A A

In today’s digital world, cybersecurity is an issue that is top of mind for every company. 
Whether it’s worrying about the malware threat from employees chasing Pokémon around the office, to large scale breaches such as that seen with a leading US fast food restaurant chainearlier this year, executives face a greater challenge than ever in ensuring that data is protected in the enterprise.  
While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. Information is the new tool of war – beyond customer information, a company’s internal assets are also at risk, from financial and strategic plans to employees’ personal data and so on. An attack on this data (either for leakage, manipulation, ransom, or other malicious intent) could seriously endanger CFOrelationships and trust with a number ofimportant parties. It could also lead to business disruptions and loss of market share, not to mention potentially hefty fines.
So how can companies, in particular CFOs, stay ahead when it comes to cybersecurity? 


Educate your workforce on security threats
Cybersecurity is not merely an IT concern. It is a complex challenge that entails an enterprise-wide approach.Outside of IT, it is essential that every employee, from line managers to the C-suite receive training on cybersecurity trends and threats. 
Whether it is setting up a company-wide training or nominating a cybersecurity subject matter expert whose role is to set overall standards and advise the board.Given the high stakes, understanding a company’s risk is a critical component in fending off a potential breach. This should be a key priority for the CFO to make sure that the risk of cyber attacks is understood, and potential impacts are addressed, especially when it comes to protecting critical financial planning documents.Cybersecurityis a shared responsibility and should be addressed across all constituencies of the company.This begins with the CFO being well-informed about various risks and involvingstakeholders in a mindful dialogue.


Rank your data
In response to the growing number of breaches, many companies have taken an overly cautious approach, deciding to strictly protect all of their data. However, not only does this come with a hefty price tag but, since resources are often limited, it could also mean overlooking some valuable assets. 
According to a 2014 study from Saugatuck Technology, many finance departments tend to be more cautious when it comes to moving data from the ‘money’ function – such as treasury, core accounting and revenue management data – to the cloud, but tend to be less concerned with managerial data such as expense management, planning and forecasting.Data assets need to be classifiedbased on sensitivity and business value. Not all information is critical or confidential – in order to prioritize data protection needs, CFOs should work with their finance teams to evaluate which data is critical and rank it appropriately. Today, with companies sharing more and more information across multiple geographies, stressing on critical data can further highlightkey impact subjects.


Know where your data lives
Once data is evaluated and ranked, it is also important to know where the data lives and how it can be accessed. This might seem like a ‘no-brainer,’ but a recent EY study found that only 40 percent of companies hold an accurate inventory of their data ecosystem. 
In order to truly protect information, CFOs and finance teams need to understand how it is being accessed in order to get a holistic picture of potential vulnerabilities.It is crucial to identify and examine information flow across the enterprise as well as its extended networks. Given the dynamic background in which companies function,substantial activities such as data mapping and classification can boost an organization’s responsiveness when under threat.


Managing risk and address vulnerabilities
Cybersecurity is no different than any other risk assessment that a CFO needs to perform in order to keep the finance department running smoothly. The CFO is responsible for managing the risk created by or impacting their finance operations. 
Applying a root cause approach is very relevant in this case as it will help find the weakest link, but it is important to not stop at IT impacts. To understand the real exposure of each vulnerability, roll up the risk chain and assess the business, strategic and also operational impacts resulting from a data breach.This will also help determine which areas need to be allocated focused training and resources.


Think ahead and have a proactive strategy in place
The best defense is a good offense, so it’s critical that CFOs routinely run test scenarios to make sure that protective measures are functioning, and weaknesses in the structure are addressed.  
It may not be the best idea to encouragefinance teams to attempt to hack their own data, but we do recommend partnering with your IT department and letting the experts run some tests. Internal auditors assure management and the board that they are receiving accurate information, and ensure structural risks are addressed. By being proactive, CFOs can deter future breaches before they unfold, as well as protect their own personal liability in the event of a breach.
Cyber-attacks ultimately damage a company’s reputation which is why it’s important that CFOs take the right stepsto completely equip their organization.Given theincreasing sophistication of threats and data breaches, cybersecurity should beregularly reflected upon and entrenched within the corporate culture.
(The writer is the Chief Financial Officer, SAP, Indian Subcontinent)

See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.

  Comments - 0

See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.

 

 

Add comment

Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Reply To:

Name - Reply Comment


GSP+: Isn’t there a way out?

The European Parliament’s resolution on Sri Lanka on June 10 was the second

Is Litro Gas above the regulator?

After an in-house battle among members of the top management of the Consumer

Statistical blunders expose administrative weaknesses

Information helps save lives and during a pandemic a free-flow of vital, accu

Vavuniya tusker’s demise DID TOO MANY ‘COOKS’ SPOIL JUMBO’S RECOVERY?

On June 11 Sri Lanka lost another one of its magnificent tuskers that succumb



See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.