CFOs and Cybersecurity: Are You Doing All You Can?

As chief financial officer (CFO), your influence continues to expand, as you balance tough decisions, forecasts and planning, board demands, compliance, tax issues, and more. Further complicating day-to-day matters is a factor that has quickly become just as pressing: the threat of Internet-based data leaks.

Recent years have seen hackers breach the cybersecurity of major retailers, medical companies, entertainment corporations and consumer websites. The Identity Theft Resource Center points to more than 300 major data breaches in the past decade, each of which exposed the information of more than 100,000 individuals. This loss of data can greatly affect a company’s reputation.  

While you’re the CFO, not the head of technology or internal audit, you have a role in making sure the organization’s cybersecurity efforts get off on the right foot and have the support needed from the top.

Here are four tips to consider while your organization is formulating a cybersecurity strategy:

1. Help identify risks

You know your organization best. Accompany your chief information officer (CIO) or information technology (IT) department to seek input on key risks from department directors early on in the planning stages. Your security experts can advise you, but recognize that simple precautions like stricter password requirements and more frequent password changes can sometimes prevent low-level attacks without major disruptions or large expenditures.

2. Be aware of problematic dismissals

In the wake of so many high-profile cyber attacks, the FBI and the Department of Homeland Security warn businesses of risks from within. A betrayal of trust by a former employee is not a common occurrence, but as the CFO, you need to stay informed on possible problematic dismissals in case problems do arise. Your IT department will take steps to prevent the possibility of an attack by deleting employee accounts and monitoring network access, but you can get ahead of the curve by making sure your organization is taking steps to make solid, lasting hires.

3. Practice what you preach

You need all of your employees to follow cybersecurity best practices for your organization. Be sure you’re doing the same by changing your passwords regularly, at least once a year, and choosing secure passwords over easy-to-guess options like important dates, sports teams and alma maters, or names of family members. Don’t leave your workstation unlocked when you’re going to be away from it for extended periods of time, and avoid writing down your passwords where they could be found. Most importantly, encourage your staff to follow your lead. They’ll get lots of instructional messages from IT, but a reminder email from the CFO about their cybersecurity responsibilities will drive home the point.

4. Bring all hands on deck

The CFO wears many hats, but don’t try to do it all. It may go without saying, but your IT department will be taking the brunt of the load in your cybersecurity defense planning, as they’ll be the ones working on software, protocols and system operations in the event of a breach. Input from other areas can also be valuable. Include board members in cybersecurity planning to help ensure a consistent direction.

A Protiviti survey polled organizations that had a cybersecurity component in their audit plan, and 69 percent said their board of directors showed a high level of engagement in reducing cybersecurity risks.

With technology progressing by leaps and bounds, it can be challenging to stay abreast of new developments in the battle for cybersecurity. Use the resources available, create a thorough plan and periodically review the measures you have in place to keep your defenses strong.
