Discount retailer Target recently admitted it spent $88 million to improve its cyber-security systems following last year’s data breach, says finance resource site Proformative. And the meter is still running, with the firm most assuredly on the hook for legal costs for defending itself from lawsuits, not to mention the damage to Target’s reputation. For other companies and their finance chiefs, the incident highlighted an issue that has become top of mind, regardless of size or sector.
“Every day there seems to be a new headline reporting another Internet security breach or data protection lapse — be it hacked credit card data, the Heartbleed Bug or well-crafted phishing scams luring victims to give up sensitive information,” writes RoseRyan executive Pat Voll. A positive takeaway is that highly public data breaches goad companies to overhaul their own internal infrastructures.
In addition to IT staff addressing data security issues at firms, though, CFOs, “as the keeper and protector of their business’ security information and internal controls,” share responsibility for safeguarding a company. To thwart would-be hackers and stay out of the headlines, Voll offers five tips for CFOs:
Identify the crown jewels. Before assessing cyber security solutions, identify your most critical data. This can be anything from financial information to consumer or client information. And to further home in on the important data, do not hesitate to ask staffers for their help when figuring out what needs to be safeguarded.
Control who has access to that valuable and vulnerable info. Now that you know your firm’s most critical data, who has access to it? Monitor access so no one except authorized individuals can get at it. And make sure all sensitive data is backed up so the company “is not vulnerable to ransom demands for stolen data.”
Review third parties critically. Although the Securities and Exchange Commission has made an active effort the last few years to address cyber security threats, do not take it as a given that it or any other third party “has it all under control.” Demand transparency when it comes to how outside agencies are protecting your data and complying with privacy laws.
Encrypt like crazy: Whether it’s information on computer drives, laptops or flash drives, all critical data should be encrypted. Says Voll: “Encryption won’t protect your data from being intercepted. But it can protect the contents from getting read.”
Engage everyone in the effort. To increase cyber-security effectiveness, make sure everyone is involved. Do not operate in silos. Provide employees with regular updates, training and education on how they can safeguard data.