This article was originally posted at Acumatica Blog
What do KPIs & reporting, planning for growth, communicating financial information, achieving auditability, and handling compliance have in common? They’re all the top five technology challenges we’ve covered in our Modern CFO series. Today, we’ll talk about another top technology challenge: how you can keep your company’s data secure.
In every organization, the Modern CFO is the gatekeeper to valuable and confidential information. However, it’s not just CEOs, shareholders, and creditors who have been getting their hands on this information. Cyber-attacks have targeted businesses with regular frequency, with some attacks yielding a treasure trove of confidential information.
As the primary individual responsible for your company’s financial and other sensitive data, you, the Modern CFO, are on the front lines trying to fend off these malicious attacks.
Know where the security gaps exist
Every company faces a set of universal security challenges, and it’s important to identify the areas that can easily be controlled but pose the greatest threats:
- Access to sensitive data (banking, HR, ERP, etc.): Keeping track of who has access to your sensitive data is important. Limiting access to business-critical applications, enforcing strong passwords, and changing passwords regularly when employees in key positions leave the company can help mitigate the risk of leaking sensitive company data to unauthorized individuals.
- Access to sensitive reports: Modern business applications and financial management software are designed to enforce user and role-based security measures, guaranteeing that only authorized individuals have access to the sensitive information described above. Even so, financial, engineering, sales and marketing reports are often shared electronically with others within the company or printed for presentations and then carelessly discarded in waste baskets, making it easy for prying eyes to see, whether they are employed by the company or not. Develop and enforce procedures to ensure that sensitive reports and presentations are never accessible to individuals without the proper access.
- BYOD and mobile devices: Mobile devices have helped increase productivity and job satisfaction from the clerk at the loading dock to the service representative in the field. And mobile computers allow employees to be productive while on the road. But each device poses a threat that, if not properly handled, can invite a cyber-attack on your company. Enforcing strong security, discouraging the use of public WiFi hotspots, and limiting the access mobile devices have to your mission-critical applications will help reduce the threats posed by employees using mobile devices.
- Phishing attacks: Hackers who attempt system access by impersonating a legitimate entity and asking for passwords, account numbers, or employee data pose a grave threat to a company. Training all employees to look for and identify these risks will reduce the chances your company will fall victim to a phishing attack.
Consequences of a security breach
A breach of company data, whether it is bank access, customer data, or intellectual property, can have severe consequences that can affect a company for years.
Financial loss – The most obvious financial impact is the loss of capital in the event of illegal access to the company’s financial institution and financial software. But there can also be other financial losses: legal costs, court-ordered restitution of compromised customer data, employee fraud and theft, and the cost of reconstructing the company’s data in the event an attack erased critical company information.
Legal implications – A breach of customer data, including emails, passwords, and credit card information, can open a company to legal liabilities that can not only affect the company’s financial position, but also impact the company’s stock price, reduce the ability to attract new investors, and bog the company down in legal actions for years to come.
Damage to company reputation – The damage done to a company’s reputation as a result of a data breach can be severe. It will be difficult, perhaps impossible, to rebuild your reputation following a cyber-attack.
Loss of intellectual property – A data breach can also include access to the company’s intellectual property, the most valuable asset in a company’s portfolio. Having your competitor steal your new product ideas and/or beat you to market will definitely impact your top and bottom line.
Each of these consequences has cost companies millions of dollars and, in some cases, has caused companies to close their doors forever.
How to reduce data security risks
It’s important for upper management, and your entire team, to understand security risks and the financial investments needed to combat these issues. The following measures provide a good start to protecting your company’s critical data, and none of them are very difficult to do.
- Develop and support a company-wide security program: Work with the head of IT and other key executives to develop a security policy and plan for the entire organization. This includes ensuring strong passwords, keeping software applications up to date, and making sure network access is secure.
- Educate all employees about their role in keeping company assets safe from attack: Develop a program to train all employees about the risks of a data breach and actions they can follow to reduce the risk of attacks.
- Enforce user access rights/permissions: Enforce strict limits on who can access sensitive data from the company’s mission-critical systems.
- Consider cloud ERP software: If you have not moved your ERP to the cloud yet, consider doing so soon. Hosting providers such as Amazon Web Services and Microsoft Azure have advanced security features and intrusion detection systems that most small and mid-sized companies cannot otherwise afford. In most cases, your data is more secure in the cloud than it will ever be in-house.
- Keep your facility and employees secure: Make sure your company is safe not only from computer-based attacks, but from unauthorized entry to the building as well as to sensitive areas of the facility. In addition to network security measures, consider installing card readers at all entrances to the facility, installing security cameras throughout the building, providing well-lit parking areas, and any other measures that will keep your company and employees safe.
Data security at the top of the Modern CFO priority list
Keeping your company’s mission-critical applications and data secure is an important element of the Modern CFO’s growing list of responsibilities. Understanding the risks and taking meaningful steps to mitigate those risks can help protect you, your company, and your employees and customers from financial loss or worse.
If you haven’t yet invested in a cloud ERP, contact our team with any questions about Acumatica’s cloud ERP software or to request a demonstration. You can also check out our highly rated Acumatica Financial Management edition and our Reporting, Dashboards, and Data Analysis Toolkit for further information.