This article was updated on June 13, 2018.
The corporatization of cybercrime presents a growing threat to organizations, as it leads to threats that are more organized and ambitious in scope. Additionally, according to CFO.com, cybercrime has become more advanced and deceptive over the years. Strong cybersecurity is more important than ever, and finance leaders can play an important role in protecting their firm and its information.
From employee training to updating software, here are five ways finance leaders can protect their firm from the corporatization of cybercrime.
1. Create and Implement a Plan
Good security practices start with a comprehensive written plan. This plan should evaluate the organization's systems and identify vulnerabilities in data security, network security, website security, facilities and operations. It should also identify strategies to reduce these vulnerabilities and how the organization will respond in the event of an attack. An effective cybersecurity plan should also include buy-in from many parts of the organization. Finance and HR can often be high-profile targets for cybercrime because of the amount of information each department holds.
2. Update Software and Systems
According to Ernst and Young (EY), outdated information security controls are a common cybersecurity vulnerability. Organizations should consider employing software as a service (SaaS) anti-phishing services and abandoning manual processes that expose businesses to unnecessary risk. This means reducing the use of unprotected spreadsheets and limiting data access to only the necessary users. Businesses should also adopt solutions that can encrypt emails, constantly update firewalls and employ a diverse array of data storage options. Because they automatically update, cloud computing security solutions can also help ensure security software is up-to-date.
3. Educate Employees
IBM reports that more than 95 percent of all security breaches are because of unintentional human error. Finance leaders should work with HR departments to establish clear policies that encourage safe computing practices. Employees should also be trained to identify phishing, an effective technique where criminals can digitally pose as coworkers, superiors and even the HR department to obtain sensitive data. As the mass of digital communication grows, it's becoming harder for workers to identify phony links and requests.
4. Regularly Change Passwords
According to CNBC, passwords are "the weakest link" in cybersecurity and have led to many high-profile attacks. Employees might see it as a burden to manage dozens of different passwords for all of their accounts and create obvious login credentials, but you should still improve your organization's security by instituting solutions that require employees to change passwords every three-to-six months and require a complex mix of characters, numerals and symbols. Another way to boost security is through multilevel authentication that includes biometrics or text messages with access codes.
5. Get Specialized Support
Many organizations are highly vulnerable to cyberattack because they lack the knowledge to identify and mitigate their risks. Those that don't feel they have IT departments with the necessary capabilities should consider an outside consultant to help create a plan of attack to update pertinent systems and ensure they're taking actions to optimally protect themselves.
The corporatization of cybercrime will likely continue, and the frequency and complexity of cyberattacks will likely rise as a result. But finance leaders can play a role in significantly reducing risk by encouraging planning, investing in new systems and working with HR to educate employees. As cyberattacks largely remain crimes of opportunity, reducing vulnerabilities can go a long way toward thwarting attacks.