October is cybersecurity awareness month. Here are five tips to help finance leaders get a head start.
October is cybersecurity awareness month — and while organizations can never drop the ball on securing corporate networks, the end of summer is a great time to pause, take a deep breath and take a hard look at security processes currently in place. Is your business doing enough? Where can finance leaders improve? How can your organization stay ahead of threats?
From mitigating systemic threats to evaluating internal controls, reducing BYOD risk, boosting email security and educating employees on data safety, we've collected the top five tips to help enhance your security posture.
1. Stemming Systemic Financial Risk
As noted in Cybersecurity Attacks: The Rise of Systemic Financial Risk, the interconnectivity of modern organizations leads creates both tremendous opportunities for businesses and attackers alike. The result? Costs are on the rise with enterprises out almost $1 million per attack. More worrisome? Systemic, widespread threats such as popular POS compromises or "runaway algorithms" could have global repercussions. Staying safe means recognizing this new threat vector and implementing new security controls, such as cloud-based monitoring systems for automated algorithms that communicate with human IT personnel and ensure all third-party security expectations are clear and in writing.
2. Improving Internal Controls
Effective cybersecurity awareness demands solid review and testing, particularly when it comes to internal controls. As explained in Reevaluating Internal Controls for Financial Security, while permission-based controls are essential, organizations also need to stop and ask themselves why specific controls are in place. It's also a good idea to regularly audit and test your control system for faults, then ask employees to "swap roles" for a day to get a fresh perspective — new users often see issues that staff using the system every day might overlook.
3. Mitigating BYOD Risk
Finance leaders can't avoid BYOD, but they do need a reliable way to mitigate potential security risks. As noted by Mitigating Risk in BYOD Security, "corporate networks can be easily breached through lapses in BYOD security" and this risk is increasing as employee devices diversify. The solution? Start with reliable, cloud-based mobile device controls that let IT monitor connections, regulate downloads and wipe data at a distance if required. Just as important? A robust mobile management policy which clearly states expected employee conduct and potential consequences.
4. Evolving Email Security
Despite the rise of SMS and video conferencing, email remains the go-to corporate communications method. The problem? As noted by Leading the Charge: HR Managers and Employee Email Security, 30 percent of phishing emails are still opened by employees and more than 10 percent of staff click on suspicious links — putting entire networks at risk. Security here requires a dual effort: First, organizations need to leverage technology controls such as Transport Layer Security (TLS) and Domain-Based Message Authentication, Reporting and Conference (DMARC) to manage obvious attacks. Next, finance leaders should tap human resource professionals as "the ideal choice to design people-friendly training plans, which help staff recognize potential email scams and report any accidental opening or downloading." Put simply? Tech solutions combined with "human firewalls" can help evolve email security efforts.
5. Educating Employees on Data Safety
Employees are also a feature in the effort to improve data safety. As the article 4 Methods to Enhance Data Security highlights— "data security begins with the employee." But what does this look like in practice? First, staff must understand the value of their network credentials; passwords and login details should always be kept confidential. Next up is strong password creation. Consider: Bill Burr recently took back his advice on regularly changing passwords and ensuring they're replete with numbers and symbols. Now, experts suggest that employees create strong passwords composed of phrases or concepts they'll remember, and to only change these passwords in the event of a potential breach. Last but not least? Restrict access per-employee and across departments.
Cybersecurity awareness month offers the opportunity to take stock, evaluate current processes and make infosec improvements. Start strong — address systemic and BYOD risk, improve internal controls, evolve email access and educate employees to shore up corporate security.