Welcome to The Ledger, where we sum up the latest finance and accounting news for you. This week, we've rounded up resources for taking on cybersecurity challenges in the accounting function. Read on for a refresher on what solid cybersecurity looks like, what you need to know about coming cybersecurity regulations, where cybersecurity is weakest, and how to strengthen it.
Build a Cybersecurity Foundation - See What to Strengthen
Everything is digital now, and any CFO knows that includes threats to their organization's digital security. For a few years now, that fact has meant ramping up security measures to combat the increase of all kinds of cyberattacks — from phishing to ransomware. With so much of the working world's data living in different places online, leaders have had to implement and maintain multiple lines of defense against cybercriminals.
For the finance and accounting function, where the stakes are especially high and leaders need to protect cash and assets, it's increasingly urgent for leaders to take action and stay vigilant, starting with these "building blocks" of cybersecurity:
Cloud security – There's been a push to migrate data into the cloud in recent years in the interest of cybersecurity, and it's certainly safer than local storage. But it's also become the first target of hackers probing for weaknesses, so it's important to add layers of security to defend information in the cloud.
Perimeter security – Most companies have an intranet that's managed locally. Where your organization's forward-facing networks meet these locally managed ones, there's a border (or perimeter) that can be vulnerable to cyberattacks.
Network security – Your organization's network is where everything happens: wherever computers connect to one another, the cloud or the public internet. Leaders should take action to protect it from malicious activity, both external and internal.
Endpoint security – An endpoint is any device someone can use to interact with data. This includes laptops and phones, of course, but it also refers to barcode scanners, POS devices and anything connected to the internet (the so-called "internet of things"). Because humans use them so often, they're vulnerable to human error and need to be locked down.
Application security – Because apps run on internet-accessed servers within browsers, they're likelier to be exposed to insecure networks that provide easy access to hackers. This makes them high-risk targets, and securing them should be a high priority, too.
Security Operations Center (SOC) – A SOC is a designated function within the organization whose job it is to strengthen and be proactive about cybersecurity. Its staff look for and respond to cyberattacks, but also spend time educating workers within the organization on security best practices.
With these in place, you can stay a step ahead of bad actors to protect the privacy, data and assets of your organization and the clients it serves.
To go into even more detail about each of these foundational elements of cybersecurity, read the full article at forbes.com.
Complexity in Cybersecurity is its Biggest Weakness
Obviously, networks and their access points are complex, and every time we add something new — an app, for instance, or set of entry points — they become more so. And complex challenges require complex solutions, right? It might seem that way, given the wealth of options and next-generation solutions that finance leaders have at their fingertips.
But some cybersecurity experts argue that every time an organization adds a new tool that promises another level of security, it weakens its cybersecurity infrastructure by introducing more opportunities for it to fail. To avoid complicating matters, leaders should consider a few important questions before implementing something new.
Which assets hold the highest value?
Where are they vulnerable?
How can I mitigate that?
Are my mitigation efforts effective?
By doing this, leaders in the finance function can determine where to spend the bulk of their effort, time and money and identify instances where they can reduce complexity and eliminate redundancies. To take a deeper dive into these steps, read the full article at forbes.com.
Get Ready for New Cybersecurity Regulations - Follow These Steps to Strengthen Your Defenses
For a long time, it was up to private companies to determine the best ways to protect themselves and their clients from bad actors. As the cyberattacks these bad actors deploy increase in scale and severity, however, that's changing. New regulations are on the horizon or on the books already, mandating everything from localization requirements to incident reporting rules.
The best way to stay compliant is to be proactive, and finance leaders can stay ahead of these regulations by taking a few simple steps:
Review your current procedures: Take stock of what you're already working with so you know how to adjust them when the time comes.
Implement or update ransomware policies: Do you know what your organization's policy is on ransomware attacks? Some new laws could affect the legality of your response, so review those laws and rewrite policies as needed.
Prepare for new requirements: New legislation might require you to maintain a software bill of materials (SBOM) that outlines exactly what software you're using, even if it's bundled with other software.
Watch the headlines: Don't be caught off guard! Someone (or a team of someones) should be tasked with watching proposed and passed legislation and their potential impacts so you have a zero-day action plan ready to go.
For more information about what's coming and what you can do to prepare, read the full article at hbr.org.
How Businesses Can Fight Cyberattacks
It's time to stop thinking about cyberattacks as random, one-off events. Hackers don't really differentiate between public and private entities. They can be opportunistic, which means they're industry-agnostic, and they're becoming ubiquitous. Everyone should be prepared, which means that, at minimum, organizations should:
Lock up credentials – Consider using a password manager to secure account credentials, especially if they're shared among teammates. Always use multi-factor authentication to log in.
Update, update, update – It's tempting to just hit "Update Later" on your devices, apps and browser. Resist it. While you're at it, make sure your cybersecurity protocol is up to date, too.
Educate employees – A lot of cyberattacks are frustratingly simple. Do your employees know how to identify phishing emails and know not to click on suspicious links?
Invest in a VPN – Especially in the remote work era, using a virtual private network and having your employees do the same keeps data encrypted and protected.
A lot of cybersecurity threats are easier than you think to combat. It all starts with knowing how to strengthen your cybersecurity. See which basics you should be implementing when you head over to fastcompany.com to get the complete strategy.
As the CFO role evolves, many top-tier finance leaders are taking ownership of technology initiatives. See how Personiv can help you devote more time to implementing cybersecurity measures.