Tag Archives | cyber security

Financial Leaders and Cyber Security

Does your company bank online? Have QuickBooks or PeachTree online? Take credit card transactions online? Have any financial information online? Have a website or an email address? If you answered yes to any of these questions, you are at risk for a cyber security threat.

It’s no question that as technology evolves, the issue of financial leaders and cyber security becomes more important to deal with. There have been countless companies in the last 10 years that have experienced cyber security issues.

But what do financial leaders and cyber security have to do with one another?

Download the External Analysis whitepaper to overcome obstacles and react to external forces, such as cyber security issues.

Financial Leaders and Cyber Security

In December of 2013, Target experienced a major security breach where over 40 million credit card numbers were stolen. Apple battled the United States government in the San Bernardino case because creating a back door would open Apple’s customers to huge security risks. In late 2015 into 2016, Home Depot had 56 million credit card numbers stolen over the course of a 5-month period.

Even though Target, Apple and Home Depot are large companies, small companies are also a major target for cyber attackers. Just in Houston, I’ve come across stories of impersonation of an entity to capture checks, tales of credit card breaches and email hacking, and these are only a few examples.

Cyber Security Definition

Cyber security is defined by Wikipedia as “the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide.”

The issue of cyber security is ever growing. Hemanshu “Hemu” Nigam, founder of the security advisory firm SSP Blue, estimates that this industry will reach $170 Billion by 2020. There’s a reason for this growth though: an increased supply of hackers and the security threats they cause creates increased demand for cyber security tools and programs. Just like you would install a security system to protect your home, it’s important to create a wall of protection around your web-based assets.

How It Impacts Financial Leaders

Cyber security and financial leaders are not often associated with one another. But if we break it down, cyber security threats occur primarily because of one reason – money. As a financial leader, it is your sole responsibility to safeguard the financial assets of the company.

Managing cyber security is a necessary evil that can sometimes add up to a sizeable expense on your income statement. Ideally, you need to protect everything in your company. But if you are a small business owner with a only couple of employees, that may not be an option.

Consequences

There are two types of consequences to a cyber attack or threat: immediate and long-term. Both of these need to be quantified. What will it cost you to deal with the immediate crisis at hand (stolen credit card numbers) as well as the long-term damage to your reputation?  It’s easy to see how the costs of a breach can add up.

Conduct an external analysis to discover areas that outsiders might find attractive to penetrate. Where are you vulnerable?  Just like you would protect your social security number from identify theft, protect the financial integrity of your company.

Don’t skip evaluating all external factors that can impact your company. Download the External Analysis whitepaper to learn how to start.

Cyber Attacks

The US Department of Homeland Security warns that,

Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes are now perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.

Types of Cyber Attacks

Cyber attacks of various forms are recognized as a real problem that destroy a company.  But what are some examples of cyber attacks that impact financial leaders?

  • Corporate Security Breaches
  • Malware
  • Phishing
  • Social Media Fraud
  • Advanced Persistent Threats (APT)
  • Individual Wiring Attacks

Phishing

Phishing is an email scam that retrieves access to your computer after clicking a link. This is like opening the back door for thieves to take your TV, computer, prized possessions, etc. from your home as you sit on the couch watching.  These sinister emails often play upon fears that if you don’t click the link some sort of harm will follow.

You’ve probably received phishing emails personally, but can it really be a business issue?  Imagine receiving an email saying that your company website is being used for spamming and spreading malware and that you need to download a report to check it out.  Your first instinct is to protect your company’s reputation, so you are understandably alarmed and tempted to check out the report.  Sensible financial leader that you are, though, you realize that this is a scam.

Sound far-fetched?  It happened to a client last week…

Other types of cyber-fraud

Companies experience impersonations or social media fraud which can severely impact a company’s image, brand, and reputation.

Have you ever seen those emails where a superior grants you access to wire a large sum of money into an account? This type of attack targets individuals rather than the company; but the company still loses out.

How to Prevent Cyber Attacks

As firms get larger, hackers, phishers, and cyber-attackers start to target them. Another way to prevent cyber attacks is to vet who comes in the door in the first place.  Criminal background checks, monitoring of access, and password difficulty are all ways to reduce the risk of attacks, increase the limits of the flotation of financial information, and decrease the ease of accessing company documents.

If you feel that you’re at a greater risk for attack, get cyber insurance to help mitigate the costs and expenses associated with recovery.  Not only does this cover expenses if you are attacked, you will need to put preventative measures and best practices into your firm to decrease the risk of attack in order to get the policy in the first place.

Harvard Business Review’s Take

HBR argues that most cyber threats occur internally. Therefore, financial leaders need to see these internal attackers as an external force that has infiltrated the company. HBR suggest starting with the basics to prevent cyber attacks. While keeping communication open between team members is key for a transparent environment, being too naked will tempt a team member, such as Bob the accountant, to steal information for his own benefit.

Because business consists of humans, it’s important to realize how flawed people are. Analyze your team’s habits, current life status, and anything else that might cause them to act out. If you work with them daily, then acknowledge their cyber and interpersonal activities. If you begin to see them change those habits, then raise up a flag because there may be an issue that could damage your company.

Even well-intentioned employees can cause harm if they are uninformed.  Educate your team on the various ways that scammers can attempt to breach your company, particularly through phishing emails.  Encourage them to check their social media and personal email accounts on their own devices while on breaks to minimize the exposure of company data to outsiders.

Conclusion

Cyber attacks are a real external threat for companies of any size.

To mitigate potential damage, it’s important to put into place practical prevention tactics. But where do you start?

Begin by educating employees (especially those with access to financial information), creating difficult to crack passwords, updating any software/plugins/compliances, and being aware of areas of vulnerability.

Once you are able to identify areas that hackers might infiltrate, it’s time to start building a strategy to respond. Download the free External Analysis whitepaper identify those areas. Overcome obstacles and be prepared to react to external forces.

Financial Leaders and Cyber Security

Strategic CFO Lab Member Extra

Access your Strategic Pricing Model Execution Plan in SCFO Lab. The step-by-step plan to set your prices to maximize profits.

Click here to access your Execution Plan. Not a Lab Member?

Click here to learn more about SCFO Labs

Financial Leaders and Cyber Security

0

Outsourced Workers: Do You Need More Hats or More People?

Outsourcing is something that has always existed, but has seemed to become the “norm” for most companies. outsourced workersRightly so, outsourced workers are an easy solution for financial leaders to mitigate costs.

The big question we’re asking is: Do You Need More Hats or More People?

If you’re looking at outsourcing, the first step is to complete an internal analysis to study your strengths and weaknesses. Need guidance in conducting an internal analysis? Download the free Internal Analysis Worksheet now. 

This is our third and final blog of our “are you wearing too many hats?” blog series. Initially, we started with the concept of having “too many hats“… meaning you as a financial leader have been given additional roles that go outside of what you thought you signed up for.

In our last blog, we discussed how millennials transition our CFO roles from traditional “CFO hats” using more innovative tactics. We also analyzed how technology may be able to help you complete the unfinished tasks in your company.

CFOs are currently struggling because of their many hats. What do you do when the weight of responsibility is too much?

Our Answer is Delegation

I recently moderated a Q & A panel of three CFOs, and heard very different answers from all three when discussing how to handle their “too many hats.” An interesting response was delegation, and handling too many tasks. How do you delegate these tasks, and who do you delegate them to?

One solution is outsourcing.

How Technology Connects You to Outsourced Workers

As discussed in our last blog, technology impacts a company by relieving some of the responsibilities on individuals.  Routine tasks can often be performed by computers, freeing up workers to spend their time on more value-added tasks.

Due to cloud computing and improved applications, outsourcing your work is a lot easier and cheaper. 

How Much Does Outsourcing Save You?

I know what you’re thinking… “Why don’t we just polish what we’re lacking on and allocate our budget to that?”

Some projects are more costly than others. For perspective, let’s say you were starting a new company and needed to design the website. The costs of hiring programmers and engineers in house would be tens, maybe hundreds of thousands of dollars. Compare this to a few thousand you can pay to workers outside of your company.

When starting your own company, you should also consider outsourcing projects that you are unfamiliar with. Although it is important to learn all aspects of a company, you don’t need to do it all at once. Having outsourced workers saves you money and time and provides expertise that you may currently lack.

In my own company, we outsource a lot of projects nationally and internationally (particularly with the one-time deals). We even outsource the projects to other companies, not just freelanced workers. Because our current staff is not as familiar with graphic design, we hire freelancers to do our designs and white-papers. We come up with the content, however, which reflects how employees provide the value-added information in a company.

What Should You Outsource?

We want to make sure that the tasks we delegate are the tasks that don’t necessarily make us money. What does that mean? Here are a few that we recommend you consider outsourcing:

A better question would be, what can you not outsource?


Click here to download: The Guide to Outsourcing Your Bookkeeping & Accounting for SMBs


The Risks of Outsourcing

Although outsourcing is a great solution to get rid of some of your hats, you may want to be wary of what you assign…

Value-Added versus Non-Value-Added Tasks

Often, we have to decide which tasks are more important than others. Even within the office, you have to choose which tasks to hand off to other trusted employees, and which tasks you need to complete yourself.

Typically, you would choose the value-added tasks because you, as a financial leader, are meant to add value to the company. You don’t want to assign important tasks to freelancers or offshore outsourced employees, because (presumably) no one does it as well as you do. Which brings me to my next point…

Do you find yourself gradually outsourcing more tasks for your company, rather than handling them yourself? Download this free Internal Analysis white-paper to find out why.

Laziness to Learn

So you’ve got a good set of employees, as well as outsourced workers. The budget is comfortable and your company is running smoothly. No one wants to change a system if it’s working fine, right?

Wrong.

As a CFO or financial leader, you are meant to be the wingman to the CEO of your company. The company should always seek to grow and adapt to new systems and technologies the business world has to offer. Remember that outsourcing is only meant to take some weight off of your head, not take all of your hats away completely!

The point of outsourcing is to take hats off. If you find that you are outsourcing any of your core competencies, it’s time to conduct an internal analysis.

Cyber-Security Issues

Keep in mind, whoever you outsource your tasks to will need access to some of your company’s information such as passwords, financial account information, etc. There are often cyber-security issues that occur, putting hundreds or thousands of people’s information at risk.

When deciding what information to release to your outsourced parties, the first priority you should protect is the financial information – your company’s and your customer’s information. If you can, avoid giving third party companies access to any financial information. Most platforms allow you to create “moderator,” “contributor,” “editor,” or any other variation that is other than “administrator.”

Government Regulation

Outsourcing government-regulated tasks can be a little tricky, particularly with countries that do not have the same regulations. This issue is industry-specific. Some examples would be insurance, medical, and financial services.

Cultural Barriers

When you outsource to workers who have a language barrier, time difference, or just a generally different way of handling projects, it may be a bit more difficult to execute a task. Companies have to be cautious for the sake of time, because one cannot hand a project to an outsourced worker who needs training constantly.

This is where adaptation comes in… In our company, we freelance our graphics to outsourced workers in the Philippines. We have to prepare our instructions and content a week, sometimes two, in advance. Why? Because of the time difference and the resources available to our contracted worker. We want to make sure his needs are accommodated as well as our own, and we adapted to his way of doing business.

Conclusion of Having “Too Many Hats”

There are always risks in trying new things in your company – in adapting to new business systems and technologies. In this three-part series of “wearing too many hats as a CFO“, we explored solutions such as millennial tactics, technology, and outsourcing.

The drive of a millennial + experience of older generations = success in your company.

Adaptability is key – Technology is created to help you.

Outsourcing can lessen the number of “hats” you wear as a CFO.

Regardless of the functions that you decide to outsource, conducting an internal analysis will help confirm your core competencies and identify areas that could easily be outsourced. Download your free Internal Analysis worksheet to start developing and enhancing your strengths as well as start reducing and resolving your weaknesses.

outsourced workers

Strategic CFO Lab Member Extra

Access your Strategic Pricing Model Execution Plan in SCFO Lab. The step-by-step plan to set your prices to maximize profits.

Click here to access your Execution Plan. Not a Lab Member?

Click here to learn more about SCFO Labs

outsourced workers

1

Cloud Computing: The Good, The Bad, & The Ugly

As I sat in my car, stuck in Houston traffic, I looked around and saw many other people stuck in a similar situation – frustrated, impatient, and banging their heads against the wheel. How easy would it be to never go into work, avoid traffic, and just stay at home or work at a local coffee shop all day? More companies are adapting to working remotely, and collaborating from home is increasingly easier… thanks to the Cloud.

What’s the Point of Cloud Computing?

For an example of why a company would switch to cloud computing, I need look no further than my own backyard.

The Strategic CFO started out as a service company, doing business through face-to-face consulting. We were one of the first in the market as a consulting firm for CFOs. Eventually, that market was flooded with competitors who offered similar, if not more services. Although we have developed additional services over the years, we have recently begun allocating more of our budget on the web and cloud technology, rather than spending money on a big office to support a more traditional model of business.

Long gone are the days where it is necessary for a company to have an office in order to be “in business.”

Technological luddites who aren’t quick enough to accept technology as the market is shifting may see their overhead skyrocket and may even find themselves in financial crisis. Having been in this industry for over 25 years, I’ve found this to be a common issue in many companies.

Cloud Computing Benefits

Cloud computing helps companies cut long-term costs. There are many advantages to being part of the cloud, such as no need for office space, more storage, flexible availability, and ultimately tracking Key Performance Indicators easier.

Telecommuting vs. Office Space

As mentioned, some businesses don’t operate in an office. Instead, many businesses are experimenting with telecommuting (or “working remotely”) and foregoing their expensive office rent. I once had a client who was entirely virtual – I never even met the person. For all I know, that client could have been working in their pajama pants!

Previously, we spent thousands of dollars a month in rent, yet we were rarely in the office because we were interacting with clients in their offices or via the web. That was when we knew we had to get rid of this expense. The decision to switch from the office to telecommuting using the cloud saved us easily around $40,000 a year. That budget was then allocated to other areas in our company that were growing. Reallocating liquid assets has helped us be more flexible and able to shift with the market.

Less Hardware, More Storage

In the early days of computing, data was stored on huge supercomputers that were virtually impossible to move. This made it difficult to share information or work on projects that contained a lot of data.

Now, there are many platforms to store, create, and share data. Apps such as Quickbooks and InfusionSoft perform services that were previously performed on computers and hard drives.  By working in the cloud, a company can easily expand their ability to store information. Some companies even offer unlimited storage with a subscription package – an industry that was started as a direct result of cloud technology.  Even better, these companies will back up your data nightly – a practice often neglected by many businesses.

Anywhere, Anytime Availability

Another benefit of cloud computing is the availability of information from any location, and on any platform of technology. Like we mentioned earlier, the cloud allows for global collaboration and minimal miscommunication. As long as you have an internet connection, team members can access the same information from anywhere.  This can lead to huge leaps in productivity.

This contrasts greatly from traditional companies, where you have to ask multiple different people for data and do a lot of number crunching because the data varies. For entrepreneurial companies, this transparency is a blessing gift-wrapped and presented beautifully. For large corporations, this could be a security disaster. Thankfully, this “anywhere, anytime availability” can be controlled to reduce security risks while still improving productivity.

Eight years ago, Hurricane Ike made landfall in Houston, TX. It’s been estimated that 2.8 to 4.5 million people were without power – including our offices (where our standalone server containing all of our client files lived).  All but a couple of consultants had power at their homes, but couldn’t log into the server because our office had no power.  Had we been in the cloud, my employees could have logged on from their homes and stayed productive despite Mother Nature’s wrath.

Track the KPIs of your business

With cloud technology, it is also easier to track the KPIs of your customers and employees – hence, your overall business. CRM (customer relationship management) systems such as HubSpot, SalesForce, and InfusionSoft track the activity of both your customers and your employees, and analyze the data in real-time.

How does this help track KPIs? Well, for one, software can perform services that traditional companies need to gather multiple pieces of information from the employees quickly, analyze the numbers, and then make the reports.

Secondly, the data is communicated universally across the organization and is more accurate.

Finally, with faster number-crunching, you can more quickly resolve issues and grow your business.

Is your company having issues tracking (or even identifying) your KPIs? Download your free KPI Discovery Cheatsheet today by clicking here.

Disadvantages of Cloud Computing

With any type of technology, there are bound to be issues. Some of these disadvantages can be so problematic that they scare more people away than they bring in. The important thing is to analyze whether the benefits outweigh the risks

Integrating the change with your employees

On-boarding employees is a critical step that you have to undertake unless you want to risk high employee turnover. Likewise, implementing a new system calls for your company being responsible for on-boarding and training employees to to use it.

Integrating change with your employees will generally result in one of two outcomes: everyone embraces change or everyone sees change as evil so they’ve nailed their feet to the ground.

Security

When considering switching to the cloud, the biggest question you hear is “what about security?” Having all important documents and resources in hard copy form seems like the better alternative for some people; but when you think about it, the security issues with hard copies and the cloud are similar.

If the office catches on fire and you don’t have any backups, you find yourself in a bit of a situation. Likewise, cloud computing requires backups and continual updates to structure your system in a way that it becomes more and more difficult for the bad guy (or fire in the physical world) to hack into your system.

Technical Issues

Security isn’t the only issue to consider when switching to a cloud environment.  Sometimes, honest mistakes can occur that can cause setbacks. Occasionally, I and many others in my network mistakenly delete something without making a backup. Thankfully, we have not found ourselves in too much of a pinch as a result of our haste; but that’s not to say that technical issues can’t severely hurt a company.

Like it or not, cloud computing is probably here to stay.  It’s a powerful tool to not only save the costs associated with storing and accessing data, but can result in huge productivity gains due to greater access to information.  The improvement you can see in these key indicators might itself be enough justification to make the switch. 

Want help determining what key indicators you should be watching?  Download our KPI Discovery Cheatsheet here.

Cloud Computing Benefits

Connect with us on Facebook. Follow us on Twitter. Become a Strategic CFO insider

Strategic CFO Lab Member Extra

Access your Projections Execution Plan in SCFO Lab. The step-by-step plan to get ahead of your cash flow.

Click here to access your Execution Plan. Not a Lab Member?

Click here to learn more about SCFO Labs

Cloud Computing Benefits

 

1

LEARN THE ART OF THE CFO