What CFOs Can Do to Protect Data Security
Data security is not in the job description of the CFO or of anyone specifically on the financial team; however, it has become something everyone needs to pay attention to. Hackers have developed more sophisticated tactics over the years, and unless proper steps are taken to combat them, anyone on the team can make a mistake or become the weak entry point for a data breach.
As a leader in control of the company’s finances, the CFO needs to be more aware of this for a few different reasons:
CFOs are a target: As the person in charge of the company’s most sensitive financial information, the CFO is an ideal target for any type of hacker. Gaining access to any of the data systems in the CFO's hands opens up a world of opportunities for hackers. One of the more famous scams is the Business Email Compromise (BEC) scam, in which a hacker breaks into the email account (an easy access point without proper measures) and instructs other people in the company to perform wire transfers to the hacker’s account. BEC scams are well known, but hacking any data from a CFO has disastrous potential. Thanks to LinkedIn and company websites, it’s not hard to find the CFO's information. The only question left is: how aware and prepared are you?
Hacking can drain the company: To put it simply, data breaches are expensive. The potential monetary loss from lost customers, lost data, ransoms, or rebuilding can cost the company millions. An IBM survey estimated that the average cost of a data breach in 2015 was $3.79 million! In addition to the quantifiable price and loss of revenue, lack of faith in the company can be an even bigger hit. Customers will think twice before using a service that was recently hacked, and a breach can also lower morale and the feeling of safety among the company’s employees.
CFOs are risk leaders: Part of being the head of finances is leading risk management. This adds the burden of assessing risk when making financial decisions, and that risk can’t always be quantified. A good financial deal, especially when outsourcing, has not only a monetary value but a risk value as well. Making sure the outsourced company takes proper security measures is just as important as making sure that it completes the work. In addition, the CFO needs to create a culture of security by making sure that everyone inside the company understands the security implications.
These are a few of the reasons why CFOs need to be more aware of protecting the company’s data. In a survey conducted by CNBC, 28% of CFOs cited hacking as the biggest external threat they face, well ahead of consumer demand risk, the second-place factor. Now we will discuss what CFOs can do to mitigate the risk.
Communicate and prioritize
Security and data privacy might be the responsibility of the CIO, but communication between the CFO and that department is key to ensuring that everything is going correctly on the financial side. CFOs should learn the basics of data protection technology, which entails being proactive and partnering with IT experts. This will help separate the confidential data from the less confidential in order to prioritize the company’s protection.
Implement security in forecasting
Budgeting and forecasting do not pertain only to numerical data; they also involve creating “what-if” scenarios. Unfortunately, data breaches are a real and common threat and need to be included in forecasting. From worst-case scenarios all the way down to small data leaks or privacy breaches, creating a backup plan for each of these circumstances can ensure that the entire company is well prepared.
Some FP&A software is built for budgeting and forecasting and can be a good addition for CFOs trying to organize and automate forecasting. Quantifying the potential losses of revenue and reputation and putting them on paper may help encourage the executives to implement extra data protection services that the company has been on the fence about.
Financial data can be some of the most important data in the company, so although it isn’t the CFO’s direct job to take outside steps to protect it, sensitizing the organization to the importance of security is. This can be done by performing compliance exercises and assessing the company’s control over enterprise security.
The financial controller aspect comes out when there are areas that need improvement. Although preparation is similar to forecasting (in that it involves thinking ahead), preparation means playing a more active role, which can potentially avoid the need to use the forecasts if they come true.
Security is an ongoing process
In addition to preparing and forecasting, it is important to set policies and check-ins for the cybersecurity measures in the finance department. Unlike the other steps, this one pertains specifically to the CFO’s realm, as checkpoints and ongoing meetings are unrealistic for departments of the company not under the CFO’s direct control. An example is submitting cross-functional reports in communication with IT, in which the evolving state of financial data security is discussed and improved.
The ever-changing role of the CFO, which is talked about so much, involves multiple ways of taking steps to protect the company from data breaches and hacks. Working from home increases this risk, because employees connect to different networks and are potentially less careful than they would be in the office.
Furthermore, data security should be looked at as having a set budget or as an investment, because its consequences are hard to quantify. Forecasting and scenario planning can help put a number on the damage and show the severity of the implications if something were to go wrong. Lastly, as a leader, it is the CFO’s job to show responsibility and set a workplace culture. This is especially true when dealing with the very real threat of hacking and privacy breaches, which can easily ruin the reputation and motivation of the company.