Is Your Financial Director Influencing Cybersecurity?
If not, they should be. Actually, I think the Chief Financial Officer should be on top of cybersecurity. You may regard this as more people to muddy the already cloudy waters, and consider financial input intrusive. On the downside, is your Financial Director capable of asking intelligent questions about cybersecurity? No offense meant.
For those in finance, regulations are important. When serious cyber incidents occur, organizations can face regulatory fines, lost business, operational downtime, and damaged reputation. Did you know, organizations that experience these incidents never recover their reputation? Gone forever.
What else would be a legitimate area for the finance team? Probably the General Data Protection Regulation (GDPR), if it applies to your privacy data. By the way, if it doesn’t apply, you should start thinking about it, as all the US states are considering, or have already passed, privacy laws, such as the California Consumer Privacy Act (CCPA). It is going to come back and bite you sooner or later, you know. Ok, back to finance.
Well, let’s think. Almost 99.99 percent of cybercriminals want what? Monetary gain. Who holds the key? The finance team. Attackers like to taunt employees with requests for the transfer of funds that appear to originate from a high-level employee, often referred to as ‘man-in-the-email attacks.’ For those of you who don’t find this amusing, the proper term is business email compromise (BEC). There are many who fall for this approach. Maybe the finance team would like to know how you are preventing these types of attacks?
And now we have a tough one: the gap between what the finance team believes IT and cybersecurity staff are doing, and what they are actually doing. A good example is the theft of thousands of records that no one knows happened, which we read about all the time. How can that be? One survey found that 58 percent of companies have over 100,000 folders open to everyone. That is very tempting for your cybercriminal, malicious insider, or hard-working employee who just happens to send confidential information to a business partner. Since criminals are adept at luring unsuspecting employees to open links in emails, the computer itself could be an accessory to the crime. Let the finance team do a cost-benefit analysis of your security and projects, and provide you with the results.
Be proactive. Ask your finance people if they have any questions about cybersecurity. Hey, it might be a good way to fund some of your projects, as they have control of expenditure. If the finance team isn’t knocking on your door this minute, read about how one of our clients faced insider data breaches head-on. Or you could check out our GDPR, data discovery and classification, and information security solutions. We can make both the finance and security teams happy.