How to Protect Sensitive Information in the Remote Work Era

June 22, 2023 Mimi Torrignton

Financial executive learning the best ways to protect information in the remote work era

In this episode of CFO Weekly, Megan Weis speaks with Ben Chrnelich, President and Chief Financial Officer at Symphony, about cybersecurity, record management, how to protect your information in the remote work era, and monitoring issues stemming from remote work. We discuss how Symphony has put measures into place to accommodate remote working whilst still protecting from cyber security breaches, reasons for the recent explosion of cyber threats, and why CFOs need to maintain constant awareness of the potential threats their organization is facing at any given time.

Ben has spent his career focused on enabling trading organizations to utilize technology that drives efficiency and productivity. Having spent the last two decades in several financial and management leadership roles at organizations such as Charles Schwab, Lehman Brothers, and the New York Stock Exchange, Ben now works at Symphony, a capital markets platform focused on market infrastructure collaboration workflows and provides a community capability to all professionals working in financial services and capital markets. He is also the current Co-Owner of Real Central NJ Soccer.

Show/Hide Transcript

Welcome back to CFO Weekly, where we're talking with financial leaders about how to build efficiency in their teams, create time for strategy, and ultimately get results. With your host, Megan Meese. Let's jump right in today.

Megan - 00:00:31: My guest is Ben Chrnelich, president and CFO of the markets, infrastructure, and technology platform Symphony. Ben has a passion for capital markets technology and has spent his career focused on enabling trading organizations to utilize technology that drives efficiency and productivity. Over the past two decades, he has held financial and management leadership positions at Charles Schwab, Lehman Brothers, New York Stock Exchange, and IPC, where he drove business strategy to adapt to the constantly evolving trading landscape. When not working, Ben enjoys coaching soccer for New Jersey ODP and his daughter's teams. Ben, thank you very much for being my guest on today's episode of CFO Weekly.

Ben - 00:01:15: Thanks, Megan, I appreciate you inviting me and really looking forward to our conversation.

Megan - 00:01:19: Yeah. Today we're going to be discussing cybersecurity, record management, and monitoring issues that have stemmed from remote work, particularly in financial services. And with the increasing frequency and sophistication of today's cyber threats, this is a topic that nobody can afford to ignore. I'm really looking forward to learning from you. So let's get started.

Ben - 00:01:39: Fantastic.

Megan - 00:01:40: First and as always, let's start with you and your career journey and how it is that you got to where you are today.

Ben - 00:01:47: Thank you very much. So, currently, I'm President and CFO at Symphony. Symphony is a capital markets platform that focuses on market infrastructure, collaboration, and workflows, and provides a community capability to all professionals working in financial services and capital markets. So we have a community of over 600,000 users and are a kind of 24/7 system that a lot of people rely on as they're working through their capital allocation, trading, and communication all across Wall Street investments, institutional asset management, and related technology. I've been here about a little over three years. I would say the first half of my career was really on the investment banking, capital markets, and trading side. So I spent a lot of time working on trading floors, capacities of business management, finance operations, working with a lot of our regulators, and different liquidity centers, and a lot of involvement in acquisitions and mergers. So was always in financial services, and capital markets, spent time at Robertson Stephens in San Francisco. We're kind of right in the middle of the Internet boom. And that cycle was at Lehman Brothers for a number of years in New York and the Equity Sales and Trading Group, and after 2008, moved out of the kind of core investment banking trading side to New York Stock Exchange and had an opportunity to help build the commercial technology business at NYSE, which was a really fascinating experience for me as I was able to really understand the buying cycle, the purchasing cycle, how clients and organizations that I've been part of thought about their technology roadmaps and how we as technology providers and solution providers, could help build into those roadmaps. After NYSE was acquired by Ice, I stayed on for a little bit of time to help with some of the divestitures and integration work that they needed to get done. And then was CFO at IPC, which is now a technology organization providing trader voice and electronic networking and data distribution, was there for about six years and then came over to Symphony.

Megan - 00:03:51: So I'm just curious, talk to us a little bit about the workflows that Symphony helps manage. What kind of workflows are those?

Ben - 00:04:00: So it's communication and collaboration and I would say data dissemination. So from a communication standpoint, we have one of the leading trader voice platforms or products in what we call Cloud Nine. And so that allows traders in a screen-based and mobile-ready environment to speak directly with their clients on the buy side or traders at other organizations. And that's done over high audio, high quality, recorded, compliant, and direct dial environment. If you just can imagine a trading floor where you have individuals that are talking into a speaker voice trading or communication, that's done over a very secure, encrypted, specific, purpose-built voice communication platform. That's one thing that we run. We also have a full collaboration suite of messaging, integrations with Microsoft, teams with Zoom, and our own voice and video capabilities. So people internal to their firms and then external to other firms are able to communicate in a secure and encrypted manner. On the Symphony platform, everyone is identity verified, so it's a known community of participants. So if somebody from an investment bank messages you over Symphony, you have a very high degree of confidence or almost complete confidence that you're interacting with that person, which is not always the case with other platforms. And then we do what we call a lot of compliant, enabled federated messaging, which is a lot of words to say that you can use Symphony to talk to individuals on SMS, WeChat, or WhatsApp. So if you're a regulated user, so you're regulated by the SEC or the CFTC or the different agencies that provide the regulatory framework for broker-dealers and capital markets firms. There are certain requirements that you have to meet in how you communicate with clients in the forums and mediums you use for that communication. Symphony allows you to connect to your client's messaging tools, so you're always in compliance with those rules. But at the same time, clients can speak to you on the platform that they're most interested in using. Yeah, absolutely. We have about 2000, we call them bots, but that run on the platform. About 75% of those are built by our clients. They look at manual processes in the trade workflow and they can use Symphony to automate those processes. So it can be something as routine as sending information between a depository and a custodian and a settlement agency. It can be research tags and information that's being pulled out it can be pricing info that is disseminated prices that were transacted at that's disseminated across the platform. And so people really look at it simply and say, there are so many people connected, there are 600,000 users on the platform. What daily tasks can we automate and just put into a process instead of having an individual to have to work through those specific items? And so that really drives efficiency because automated tasks are better than manual tests.

Megan - 00:06:59: So can you discuss some of the cybersecurity challenges that financial services companies have faced during the shift to remote work and also what measures Symphony has taken to address these challenges?

Ben - 00:07:10: Yeah, absolutely. I think cybersecurity is being someone that's been in the capital markets technology space for most of my career. Cybersecurity has always been a topic I've spent time on, really came to the forefront of my thinking and focus when I was at New York Stock Exchange. As one of the leading markets in the world and maybe the most well-known stock exchange brand in the world, we were a top-five institution of hacks or attempted hacks on a daily basis. So we implemented and employed some of the top cybersecurity experts in the world to ensure that the integrity of the New York Stock Exchange markets was never breached and that we had a really good sense of how to fight and impact cybersecurity threats. And they could come from anywhere, right? It could be a group of individuals that were nefarious and trying to truly do damage to the integrity of the markets. It could be probably amateur individuals who just thought it'd be fun to poke around and see if they could get into a New York Stock Exchange trading system. So to me, we think about cybersecurity. We rely so much on the integrity of the information that is given to us, whether it's messages that come across, whether it's prices and size trades that are communicated or emails that come through sensitive deal information. You think of where we operate in capital markets. Almost every message or every element of communication that people have tied into sensitive information. It could be individual private client information. It could be mergers and acquisitions, it could be IPO syndicate allocations. There are all these things that happen in the flow of capital that have privacy around them that other people would love to know, certainly for nonlegitimate purposes. But it's information that folks want to get at ostensible profit from that information. So there are really two elements. One is, can you protect the information that resides within a company's environment to ensure that external people cannot get access to it? And there are all sorts of tools for that. With Symphony, we're encrypted end to end. We do not see any of the information flow. There's probably any month, there's 175 to 200 million messages that come across the Symphony platform. We, as Symphony, never see those actual messages. So we're the platform and the distribution and the deployment and the endpoints that get the message from one person to another. But that message data, that message, the actual content sits within the clients. So we really are a very secure system and no one can break into Symphony and then see those messages on the same side. We want to make sure for clients that everything is encrypted so that there's no ability to intercept a message or understand information that is coming across. So for us, that security encryption is absolutely critical. Then there's how do you keep your information within the right community? And I think there are so many times, especially in email, everyone's made the mistake of typing the wrong email address in or missing someone's name by one letter or inadvertently adding the wrong person who may have a very similar name to a confidential email that goes out. And all of a sudden you've exposed confidential information and breached a cybersecurity policy. Within Symphony, we every day are verifying back to our clients and our customers the exact identity of the people on the platform. And for us that identity management and that identity confirmation and knowledge is absolutely critical because if you're sending information, a file, a document, a term sheet, a SIM, whatever it may be, you know, the people that are in your Symphony room or your Symphony collaboration channel are those people and are verified on a daily basis. So I think cybersecurity is a big area of spend and investment banks are always looking to ensure that fraud is mitigated, that phishing attempts are tracked and mitigated. But you think of how easy it is for people to access their financial information. Today you can log on to your brokerage account on an app and move significant amounts of money with a couple of keystrokes. You can log on to your bank account on an app and pay bills, move money, transfer money, wire money, and certainly criminal activity has figured out how they can intercept some of those flows and look to either steal actual funds or become aware of information that could lead to them doing things, potentially profit from it.

Megan - 00:11:36: And this is a bit of an aside, but I've been reading a lot lately about artificial intelligence. So can you talk to us at all about how that's changing the landscape of cyber threats?

Ben - 00:11:48: Yeah, absolutely. And interestingly enough, about three or four weeks before Chat GPT called hit the market and gained so much awareness, we purchased a company called Amenity Analytics which was an AI and NLP so natural language processing programming firm focused on capital markets. So they have models and artificial intelligence that can read through earnings reports, research reports, and other content that is relative to or related to capital markets firms and then pull out or tag the elements in that report that are most pertinent to a trader or research analyst. They can do sentiment analysis, they can understand things that are said, how those things correlate to other activities that may happen. So AI and NLP have become a really important part of the trading ecosystem in the trading environment. Now, the risk is that you just believe everything that you hear from Chat GPT. And I heard something on CNBC the other day. One of the anchors was talking about putting information and asking questions into some of these AI models. And the information that came back was inaccurate. And they said I knew it was inaccurate because I had read something different and I had read the actual source document. But for whatever reason, the model wasn't trained appropriately to pull the most accurate information back. So the models are only as good as the information that's there. And it's amazing, the work, and it's truly kind of mind-blowing, some of the work that can come out, but from integrity of information and validation of information, you can't just rely on an AI model to tell you exactly what you need to know in the current context. So we're working with a number of our partners on helping develop AI models that are specific to capital markets that we are comfortable with the integrity of the information, the reliance of that information, and the validity of that information. Because if you're purporting to give somebody stock prices or earnings release trends or performance of a company, you need to make sure that those numbers are verifiable audible, and reliable. Otherwise, you just have a bad model and you're not going to have people interested in looking at your information.

Megan - 00:14:00: And how has Symphony adapted its record management policies and practices to accommodate the increase in remote work and the use of personal devices for work purposes?

Ben - 00:14:11: Great question. We're a global company, around 600 people. We have individuals in our New York office, London office, Paris office, and Sophia Antipolis, which is in the southern area of France. We have a team kind of covering the APAC region. And then we have individuals that work in other locations that are not tied into a specific Symphony office. We're definitely a hybrid work culture. We have days where we have a lot of people that are in one of our offices, and there are other days where people are working remotely, either at client sites or bouncing around visiting clients, or at home or in a different environment. And we really had to adjust how we think about arguing. Now, one, we do a lot of our internal work over Symphony. So wherever you are, as long as you're operating within the Symphony platform and the Symphony framework, we're very comfortable with us being able to ensure that information is not leaving the organization in a manner that we wouldn't want to. We also do a lot of training with employees. Right? I mean, the world is so intertwined between personal and work applications that you really need to be cognizant of what work are you doing in an environment that's not secure. So if you're on a personal laptop and you're in a Google Doc, does that inadvertently expose that Google Doc to a different environment than you would want it to? We're fortunate that the technology company, we have very technologically adept professionals working here, so they really understand what they need to do and how they need to operate as it relates to confidentiality, security, and accessibility of information. And so we really try and give out all the tools for individuals to ensure that whether it's on their PC, on their iPhone, on their Android, on their iPad, on their Surface, whatever technology platform they're using, they can operate their Symphony professional work responsibilities and in a secure environment.

Megan - 00:15:58: And what steps have you guys taken to monitor employee behavior and prevent data breaches while employees work remotely?

Ben - 00:16:06: We don't really monitor employee behavior. We've all read some of this, seems a little crazy. How many keyboard clicks does somebody have or how many times is their mouse moving around? You see kind of some funny things on Instagram micromanage. Yeah. What we really look at is the effectiveness of employees and kind of goal attainment, the engagement both in person and virtually throughout the day, throughout the week, and also activity on Symphony and some of our other platforms. So we invest a lot of time in analytics platforms. We use Domo. We use adaptive. We use Salesforce. We do look just inherently at who is most active in those environments, right? Like, what's happening from a client standpoint? What are the client updates that we're talking about? What are client sales pipelines looking like in our Domo analytics? Where are the regions and the teams that are seeing a certain amount of activity? I think we have the normal compliance tools in place to help remind people about the sanctity of information and the non-distribution and dissemination of information. But we don't have tools in place that I would say monitor behavior. But we do have policies that we really make sure everyone understands the criticality of the professional technology environment that we need to stay in and the risks of getting information outside of that technology environment.

Megan - 00:17:26: And I'm not sure if you can or not, but can you discuss a specific incident or threat that Symphony faced within the realm of cybersecurity during the shift to remote work and how the company responded to that?

Ben - 00:17:39: Yeah, we've been fortunate that we haven't had any breaches or security hacks that would impact the integrity of the system. That said, like any platform, Symphony is subject to hacks and cybercriminals quite frequently. So a couple of things that we've done at one point we had something that was called Public Symphony, where anyone could sign up for Symphony and have some degree of limited access into the Symphony community. Now, we had a verification process that we would go through and we had an identity process that we went through to make sure that we had some knowledge of those individuals. As Symphony became more popular as a platform and more people were working in a remote fashion, we just decided to take that public capability away. We knew it could impact business a little bit, but we thought there was just too much risk. And we saw unfortunately, we were able to catch them, but we saw instances of people trying to gain access to the system and not really having a logical reason to do it or coming in from locations that were known for high degrees of cybercriminal activity. We deal with all the normal email phishing and other areas where people are trying to gain access through links and we get texts from people on, can you wire money here, can you wire money there? So we do spend a lot of time with our employees, helping them understand. What are the instances that people would ever ask you for certain types of information? What are the steps that you go through if you get these? And our CISO spends a lot of time looking at incoming threats, hacks, and attempts to make sure that we have security around those. We do work with some of the top hosting providers and data center providers in the world and are constantly partnering with them on how to think about their protection and alleviating the number of opportunities that people can try and break into our ecosystem.

Megan - 00:19:29: Why do you think it is that cyber threats seem to have just exploded in the last, I would say maybe three to five years? I often wish people would spend half the time doing good that they're spending trying to do something evil. So why do you think it is that this has really become such a problem in the last five years?

Ben - 00:19:54: Because it's profitable. Yeah, that's my personal view that people are engaging in cyber warfare and cyber criminality because ultimately they can make money off of it. And at what used to be the kind of funny emails you get about if you send me $1,000, I'm going to release $5 million into your bank account. And someone's like, oh, that sounds like a good idea, let me go do that, to where it's much more sophisticated can we figure out how to put spying software on someone's personal phone and see what their login codes are to their brokerage account and then can we move money out? Think about the amount of money that moves across the world on an hourly basis. Trillions of dollars are moving around all day long, right? And if somebody can say, hey, I figured out how to step in and take a little bit of that out of the system and you see it through credit card fraud, through phishing, through access to accounts, to just outright scams of deposits, automated debits into accounts. You just think of all the things that happen on a fraudulent basis and people are still making money off of it. And it's this ongoing balance between it is easier to trade off your phone, your iPad, or your computer than it is to pick up the phone, call a broker, place an order, and then wait to hear what that order was filled at. And trading volumes have increased exponentially through this. The liquidity, transparency, pricing, and end consumer engagement in their financial affairs and financial decisions have really increased quite a bit due to technology. But it's also opened up these pathways where people can just get into your information and try and take your money.

Megan - 00:21:45: So as these threats become more and more sophisticated, how do you educate your employees to avoid them or not click on this or that?

Ben - 00:21:56: I think it's really people understanding the seriousness of the impacts that can happen if you inadvertently allow a hacker into an environment. And if you think on any given day how many apps you open, how many emails you answer, how many texts are coming in, how many links are sent to you, it's just you can get in that routine of, I'm opening this, I'm checking this, I'm looking at this, I'm asking for this, I'm typing this password here. So we really spend a lot of time on what are the best practices for security. So we have dual authentication for all of our applications. We have ways. We have obviously, passwords, login checks, identity verification, and just ongoing awareness of the threats that are out there. To me, it's the balance between things just becoming routine and people can pick up on a pattern versus understanding what just seems out of the ordinary and unlikely that that would happen. And I was cleaning up some of my text this morning, and I think it was a bit ironic that I was having this conversation with you today, but I had a text last week, purportedly from our CEO, saying, hey, I'm in a conference call. I'm in a conference meeting right now. I can't get out, but I need you to send to wire some money. You just text back to me so I know you got this, and I'll let you know exactly what needs to be done. Now, our CEO would never actually do that with me over text, but it was just such a casual type of text that an average person could be like, oh, maybe someone needs something and they're texting me, they have my number, and it's coming across to this person, sure, let me respond back. And as soon as you respond back now, all of a sudden you're engaged in a step that gets it closer to doing it. If you imagine that an individual is sending out thousands and thousands of texts like that all day long, all they need is one or two to fall for it, and they've probably taken tens of thousands of dollars illegally.

Megan - 00:23:46: And how does Symphony stay current with the evolving landscape of cybersecurity threats?

Ben - 00:23:52: Yeah, that's a great question. So, two things. One, our ownership group contains upwards of 20 of global commercial investment banks. So we really do get access to and we're the privilege to work with some of the top minds across financial services and capital markets in cybersecurity. We as a software platform, are right alongside the technology teams at all the banks. So our technologists do have the opportunity to work across 20 to 30 different global banks, understanding what they're doing around fraud prevention, and cybersecurity protection, and gaining that knowledge. And then as a company, we also invest millions of millions of dollars a year in cybersecurity. We have a Chief Information security officer. He spends a lot of time looking at the threats that are out there educating people on things that are coming in, things that are as simple as updating your browser version because there's a new hack or a new threat. The exposure that came out to our sock. Two audits to constantly looking at the infrastructure of what's coming in and making sure that we have the right software in place, the right monitoring tools, and the right alerting tools that when things happen that are not part of our normal pattern that those are quickly escalated because we are the foundation of our company is based on encrypted and secure communication between market participants. And we can just never be in a situation where the integrity of that communication is breached. So for us, it's critical that we're current with both our investors, and our customers, and then also internally as to how we ensure the sanctity of all that information.

Megan - 00:25:33: And what advice do you have for CFOs out there listening today on how they can protect themselves from these threats? Yeah, their companies. Sorry.

Ben - 00:25:45: Yeah, I mean, you have to have a great partnership with your CIO, with your CSO, with your product team. I think the job and the role of the CFO have evolved so much in the past ten or 15 years. It's so beyond just numbers and reports and metrics. It's really someone effective CFOs to understand their technology environment. They understand the technology tools that are in place. They understand the different companies that provide security and software to the organization. And they understand and appreciate the criticality that a CIO has in protecting that infrastructure. And it's not cheap. If you want to have a secure and protected technology infrastructure, you do have to invest money in that. And it's not always money that you can see that direct return from, because it may not lead to a sale or it may not lead to product expansion or deployment. But if every day you know that those investments are protecting your environment from intrusion, hackers, downtime, from people prohibiting you from deploying your software, that is a pretty important investment. So knowing the technology infrastructure, being really strong business partners with the technology executives, and being aware, like, constantly looking at what's going on in the company and where are areas that we have risk-taking. The SoC two audits. Very seriously talk with consultants that come in that see threats from other areas and have that extra antenna up of what can go wrong, how we're protecting against it, and ultimately, what is the customer impact if something does go wrong and having those plans in place that you can quickly remediate if a problem does arise.

Megan - 00:27:25: Great advice. So, last question. As a finance leader, what is it that keeps you motivated?

Ben - 00:27:31: Yeah, I think for me it's really two things. One, I love the pace that I always have of technology innovation and capital markets. And at the heart of capital markets, it's about the flow and allocation of capital to businesses, to companies, to organizations that need that capital to grow and operate whatever product or service they're delivering. And then investors are able to find organizations that they want to put their money into and help grow. It sounds very simple, right? But it's a trillion dollars market that happens all day long. And for me, just the technological innovation that's happened over the past 20 years is inspirational. 20 years ago, we were mostly voice trading. Volumes are very low. The sophistication of products was minimal. Customer transparency, end-user price transparency, liquidity, and products, all were like still very early stages. And you look at how the markets evolved over the past 20 years, it's been technology applications that have created more price transparency, more liquidity, better capital options, and different types of structures that meet the needs of corporates and individuals as they're thinking about their own capital profiles. And for me, being a small part of that industry for a long period of time is really motivating. And then second, I've been fortunate in my career and certainly at Symphony, to work with a great team. Whether it's the corporate team across finance, HR, corporate development, or our broader commercial and product, and engineering teams, this industry attracts some really smart people, very motivated people, very thoughtful individuals. And for us folks that really want to help drive technological efficiency and software efficiency into our clients, we're always solving problems. This is an industry where you're asked to solve problems all the time. And for me, it's motivating to be given a problem and work with a really good team on figuring out how we give solutions to those problems.

Megan - 00:29:25: Great answer. Ben, thank you so much for being my guest today.

Ben - 00:29:28: Thank you for the invitation. It's a really important topic. I'm sure it's something that we will continue to talk about for years as there's the ongoing battle between those that want to use technology for really good purposes and then those that are trying to penetrate that for not-so-good purposes.

Megan - 00:29:45: Yeah. Well, I appreciate you taking the time to be here with us today and I wish you and Symphony all the best. And to all of our listeners, please tune in next week, and until then, take care.

If you're ready to boost efficiency and streamline your accounting processes at significant cost savings, it's time to talk with Personiv. Their people-powered solutions have transformed the delivery of back-office tasks and general accounting functions for decades, partnering with clients to provide everything from accounts payable to payroll services. See what Personiv can do for you by visiting Personiv.com.

You've been listening to CFO weekly presented by Personiv. Please subscribe wherever you get your podcast to hear all of our episodes. Want to learn more? Check out Personiv.com. Thanks for listening.


In this episode, we discuss the following topics:

  • The new cybersecurity challenges faced by financial services companies amidst the shift to remote working

  • Reasons for the recent explosion in cyber threats

  • Advice to CFOs to protect their organizations from cybersecurity breaches

Key Takeaways:

Cybersecurity and Information Challenges in the Shift to the Remote Work Era

Quote cybersecurity information challenges in the shift to remote work

Cybersecurity has been at the forefront of Ben’s thinking for most of his career. Having previously worked in the New York Stock Exchange, where some of the top cyber security experts in the world are employed to ensure that the integrity of the markets is never breached. Financial services companies rely heavily on the integrity of information given to them, and almost every element of communication contains sensitive information. This needs to be protected by a two-pronged approach. Firstly, the information in a company’s environment must be protected from external people, for example via end-to-end encryption. Then you also need to consider how to keep information within the right community. Most people will have made the mistake of miss typing an email address, exposing confidential information to the wrong person, so identity management and confirmation are critical.

“We rely so much on the integrity of information that is given to us and whether it's messages that come across, whether it's prices and size trades that are communicated, emails that come through sensitive deal information or you think of where we operate in capital markets, almost every message or every element of communication that people have into sensitive information,” Chrnelich said. - 07:00 - 11:35

Adapting Record Management Policies and Practices to Accommodate Remote Work

Quote Ben Chrnelich, President and Chief Financial Officer at Symphony

Symphony is a global brand with a hybrid work culture. The team completes most of their internal work using the Symphony platform, as they are comfortable that the information will not be leaving the organization in a way that is not intended. They further have employees complete a lot of training, ensuring they know how to operate, maintain confidentiality, security, and the appropriate amount of accessibility of information in every environment they are working in.

“I mean, the world is so intertwined between personal and work applications that you really need to be cognizant of what work you are doing in an environment that's not secure. So if you're on a personal laptop and you're in a Google doc, does that inadvertently expose that Google doc to a different environment than you would want it to?” Chrnelich said. - 14:01 - 17:26

The Explosion of Cyber Threats

Quote cyber threats and how to protect information in the remote work era

In the last five years, cyber threats have become far more common, something Ben believes to be down to them being profitable. There has been a transition from scam emails to using software to find login points to a person’s brokerage accounts. It is easier to trade on personal devices, but this has also opened up pathways for cyber threats. To avoid falling victim to these threats, it is important to educate on the serious impact a potential breach could cause and introducing security systems such as dual authentication.

“If people are engaging in this cyber warfare, cyber criminality, it’s because ultimately they can make money off of it,” Chrnelich said. - 19:30 - 23:46

Advice for CFOs to Protect Their Information in the Remote Work Era

Quote advice to protect information in the remote era

It is imperative that CFOs have great partnership roles with their CIO, product team, and CISO. The role of a CFO has massively evolved in the last decade. An effective CFO understands their technology environment and appreciates the criticality the CIO has in protecting their technology infrastructure. This is an investment, but it is incredibly important. Further, they have to be constantly aware of where there may be risks across the company, knowing what can go wrong, how to protect from it, and how it would impact the customer bases if it were to go wrong.

“If you want to have a secure, protected technology infrastructure, you do have to invest money in that. And it's not always money that you can see that direct return from because it may not lead to a sale or it may not lead to your product expansion or deployment. But if every day you know that those investments are protecting your environment from intrusion from hackers, from downtime, from you know, people prohibiting you from deploying your software, that is a pretty important investment,” Chrnelich said. - 25:33 - 27:25

For more interviews from the CFO Weekly podcast, check us out on Apple Podcasts, Spotify, and our RSS or your favorite podcast player!

Instructions on how to follow, rate, and review CFO-Weekly are here.

Get in touch with the Personiv team to find a perfect plan to support your team and achieve your goals in the new era.

Previous Article
Bookkeeper? CPA? Fractional CFO? Setting up a Nonprofit Finance Department Structure That Works
Bookkeeper? CPA? Fractional CFO? Setting up a Nonprofit Finance Department Structure That Works

Setting up the finance department structure of your nonprofit — and staffing it with qualified accounting h...

Next Article
The Importance of a Sound Financial Strategy in Your Wealth Management
The Importance of a Sound Financial Strategy in Your Wealth Management

Learn about the importance of having a sound financial strategy in your business. We discuss the difference...