Data security should be everyone’s concern, but when it comes to senior executives, the responsibility goes up a few notches. And it’s not just the CEO and the CIO who need to be abreast of it, but also the CFO – the person in charge of the finances.
Security breaches are commonplace. While the high-profile ones will make headlines, there are millions of far smaller ones which don’t – but that doesn’t mean they haven’t happened. The problem is growing, too, as the number of records exposed in data breaches rose by 97 percent in 2015. It’s not hard to see why: hackers make money by targeting information, with whole companies set up for this purpose.
So, as a CFO, what do you need to consider when it comes to information security? Here are our top five things you need to know:
- Sensitive data has multiple weak points
It's the nature of business today: we exchange electronic information to get things done. However, that is an inherent challenge in protecting data because as it moves from one point to another, it can be intercepted or compromised (and not just ‘electronically’, either: information on a piece of paper could be just as valuable to a hacker).
Data security is only as strong as the weakest link; as implied, CFOs need to be aware of what those links are and put in place appropriate policies and protocols to mitigate risk. That includes measures such as encryption, AV and intrusion detection, and firewalls.
- The cloud is SAFER
Yes it is. Cloud providers tend to invest millions in security and put in place the best software and techniques available for data protection. They have to, because a breach would deal a catastrophic blow to confidence. Certainly, reputable providers like Microsoft can afford a lot more expertise, systems and solutions for security than your business can.
Assess the security of your cloud solutions provider by asking what measures and certifications are in place – the provider should be happy to deliver the necessary assurance.
- Employees are often the weak point
All the best technological measures and proven policies will mean nothing if employees don’t have a ‘security mindset’. Information can easily leak, through printed documents, emails sent to the wrong recipients, applications which aren’t logged out of, or password sharing. Disgruntled ex-employees is another major potential source of a breach – particularly if their credentials aren’t revoked when they leave.
For CFOs, the problem is obvious as their team works with financial and customer information systems. That drives up the necessity to take charge of data security, with defined access, a information security culture and close attention to how employees handle company data.
Be prepared for a breach
It’s generally a good idea to assume that it is a case of ‘when’ not ‘if’ a breach will happen. Take that approach and you’ve made the first step towards being prepared for a breach. Have a plan of how you will react to stop the attack, then mitigate the potential consequences. Your strategy should hinge on what information is lost or threatened; establish a policy and protocol to assess the damage, remedy it, communicate with stakeholders, and establish preventative measures. The assistance of a trusted security expert is highly recommended.
This fight never endsIt would be great to say once your security systems and processes are in place, the job’s done. But it isn’t. Security is an ever-shifting target and the attackers, with much to gain, keep looking for new ways to get into your data. That means vigilance is necessary; for busy CFOs, it is a good idea to look to an expert provider which will routinely conduct assessments and update the security posture regularly to keep your company safe.