5 CFO-Worthy Cybersecurity Strategies

Regular readers of our blog know we often open posts by exhorting leaders of small to mid-size businesses (SMBs) to think and act like “big-time CIOs.” We understand that functioning as the chief executive and chief IT officer is typical for SMB leaders.
But those aren’t the only hats they wear. Most of the time SMB executives also carry financial responsibilities. And in today’s digital world, playing the role of CFO should heighten concerns about cybersecurity because, as described in a recent ITBusinessEdge slideshow, “finance remains one of the most vulnerable areas for malicious attacks.”
Research by the consulting firm Deloitte shows financial services companies lose on average more than $20 million annually from data breaches. But big banks and similar institutions are not the only ones at risk. Any company’s internal assets are susceptible – no matter its size or shape. According to ITBusinessEdge editors, “leakage, manipulation, ransom, or other malicious intent” endangers a CFO’s relationships, which trade on trust. Furthermore, breaches of financial information about a company and its employees could create costly business disruptions, loss of market share and hefty fines from regulatory authorities.
So, what can an SMB leader with financial responsibilities do? ITBusinessEdge recommends five CFO-worthy strategies for “staying ahead of cyber threats.” Here’s a digest:
Train and Reinforce Cybersecurity Practices – Every employee, not just IT staff, should receive education about cybersecurity trends and threats, from front-line staff to the top of the org chart. A security awareness program should be a priority for any SMB executive with financial duties, because understanding the risks of cyber attacks and their potential impact is vital knowledge for protecting critical financial data.
Evaluate Data, Prioritize Protection – Not all information is created equal. An overly cautious approach – i.e., protecting all company data to the utmost level at all times – may be not only expensive but also impractical for most SMBs. Data moving from behind a company’s firewall to outside institutions – e.g., treasury, core accounting and revenue management information – may present higher risks than inwardly focused managerial information – e.g., expense management, planning and forecasting. Treat cybersecurity as a risk management exercise, ranking and prioritizing data to optimize spending on protective measures.
Map Info-Assets – Last year, a study by the advisory firm EY found that only four in 10 companies hold an “accurate inventory of their data ecosystem.” Ranking data for optimal protection provides little value if the finance and security teams understand little about where information resides and how it’s accessed by users inside and outside of the organization.
Think Holistically – When assessing the company’s vulnerabilities to cyber threats and the risks of damage to the business, take a broad perspective. Consider the long-run strategic and operational effects of a breach beyond the short-term IT emergency.
Test Often, Adjust Continually – SMB executives with financial duties should be the chief advocates of vigilance. Run test scenarios to ensure cybersecurity measures are functioning and fine-tuned – not just within the finance department but across the organization. Here’s where the benefits of outside support are felt most. Work closely with an IT Managed Services Provider (MSP) to support cybersecurity plans.

