Does your company bank online? Have QuickBooks or PeachTree online? Take credit card transactions online? Have any financial information online? Have a website or an email address? If you answered yes to any of these questions, you are at risk for a cyber security threat.
It’s no question that as technology evolves, the issue of financial leaders and cyber security becomes more important to deal with. There have been countless companies in the last 10 years that have experienced cyber security issues.
But what do financial leaders and cyber security have to do with one another?
Download the External Analysis whitepaper to overcome obstacles and react to external forces, such as cyber security issues.
In December of 2013, Target experienced a major security breach where over 40 million credit card numbers were stolen. Apple battled the United States government in the San Bernardino case because creating a back door would open Apple’s customers to huge security risks. In late 2015 into 2016, Home Depot had 56 million credit card numbers stolen over the course of a 5-month period.
Even though Target, Apple and Home Depot are large companies, small companies are also a major target for cyber attackers. Just in Houston, I’ve come across stories of impersonation of an entity to capture checks, tales of credit card breaches and email hacking, and these are only a few examples.
Cyber security is defined by Wikipedia as “the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide.”
The issue of cyber security is ever growing. Hemanshu “Hemu” Nigam, founder of the security advisory firm SSP Blue, estimates that this industry will reach $170 Billion by 2020. There’s a reason for this growth though: an increased supply of hackers and the security threats they cause creates increased demand for cyber security tools and programs. Just like you would install a security system to protect your home, it’s important to create a wall of protection around your web-based assets.
Cyber security and financial leaders are not often associated with one another. But if we break it down, cyber security threats occur primarily because of one reason – money. As a financial leader, it is your sole responsibility to safeguard the financial assets of the company.
Managing cyber security is a necessary evil that can sometimes add up to a sizeable expense on your income statement. Ideally, you need to protect everything in your company. But if you are a small business owner with a only couple of employees, that may not be an option.
There are two types of consequences to a cyber attack or threat: immediate and long-term. Both of these need to be quantified. What will it cost you to deal with the immediate crisis at hand (stolen credit card numbers) as well as the long-term damage to your reputation? It’s easy to see how the costs of a breach can add up.
Conduct an external analysis to discover areas that outsiders might find attractive to penetrate. Where are you vulnerable? Just like you would protect your social security number from identify theft, protect the financial integrity of your company.
[box]Don’t skip evaluating all external factors that can impact your company. Download the External Analysis whitepaper to learn how to start.[/box]
The US Department of Homeland Security warns that,
[quote]Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes are now perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.[/quote]
Phishing is an email scam that retrieves access to your computer after clicking a link. This is like opening the back door for thieves to take your TV, computer, prized possessions, etc. from your home as you sit on the couch watching. These sinister emails often play upon fears that if you don’t click the link some sort of harm will follow.
You’ve probably received phishing emails personally, but can it really be a business issue? Imagine receiving an email saying that your company website is being used for spamming and spreading malware and that you need to download a report to check it out. Your first instinct is to protect your company’s reputation, so you are understandably alarmed and tempted to check out the report. Sensible financial leader that you are, though, you realize that this is a scam.
Sound far-fetched? It happened to a client last week…
Companies experience impersonations or social media fraud which can severely impact a company’s image, brand, and reputation.
Have you ever seen those emails where a superior grants you access to wire a large sum of money into an account? This type of attack targets individuals rather than the company; but the company still loses out.
As firms get larger, hackers, phishers, and cyber-attackers start to target them. Another way to prevent cyber attacks is to vet who comes in the door in the first place. Criminal background checks, monitoring of access, and password difficulty are all ways to reduce the risk of attacks, increase the limits of the flotation of financial information, and decrease the ease of accessing company documents.
If you feel that you’re at a greater risk for attack, get cyber insurance to help mitigate the costs and expenses associated with recovery. Not only does this cover expenses if you are attacked, you will need to put preventative measures and best practices into your firm to decrease the risk of attack in order to get the policy in the first place.
HBR argues that most cyber threats occur internally. Therefore, financial leaders need to see these internal attackers as an external force that has infiltrated the company. HBR suggest starting with the basics to prevent cyber attacks. While keeping communication open between team members is key for a transparent environment, being too naked will tempt a team member, such as Bob the accountant, to steal information for his own benefit.
Because business consists of humans, it’s important to realize how flawed people are. Analyze your team’s habits, current life status, and anything else that might cause them to act out. If you work with them daily, then acknowledge their cyber and interpersonal activities. If you begin to see them change those habits, then raise up a flag because there may be an issue that could damage your company.
Even well-intentioned employees can cause harm if they are uninformed. Educate your team on the various ways that scammers can attempt to breach your company, particularly through phishing emails. Encourage them to check their social media and personal email accounts on their own devices while on breaks to minimize the exposure of company data to outsiders.
Cyber attacks are a real external threat for companies of any size.
To mitigate potential damage, it’s important to put into place practical prevention tactics. But where do you start?
Begin by educating employees (especially those with access to financial information), creating difficult to crack passwords, updating any software/plugins/compliances, and being aware of areas of vulnerability.
Once you are able to identify areas that hackers might infiltrate, it’s time to start building a strategy to respond. Download the free External Analysis whitepaper identify those areas. Overcome obstacles and be prepared to react to external forces.
[box]Strategic CFO Lab Member Extra
Access your Strategic Pricing Model Execution Plan in SCFO Lab. The step-by-step plan to set your prices to maximize profits.
Click here to access your Execution Plan. Not a Lab Member?
Click here to learn more about SCFO Labs[/box]