Common cybersecurity risks for finance
When collaborating with IT security and risk teams, CFOs should prioritize the financial data and systems that are most critical to the business to ensure that those processes are protected. The most common threats to guard against include:
- Phishing attacks: Methods to trick employees into giving up sensitive financial information, typically by email, but variations also include voice phone calls and SMS messages.
- Malware: The general term for any malicious software, file or program that is intended to harm or disrupt a computer.
- Data leakage: This threat arises from the use of multiple devices and internet connections, such as laptops, mobiles, tablets, personal computers (PCs) or home Wi-Fi, to access databases.
A cross-functional approach will also help CFOs with accurate scenario planning, as they can discuss all possible cybersecurity risks with these expert teams.
Cybersecurity checklist for CFOs
Gartner recommends a simple three-step framework to prioritize the key objectives of a comprehensive cybersecurity strategy to safeguard finance processes and data.
Step 1: Realize
Develop policies and guidelines that identify the areas in finance processes that are most vulnerable to attack or most likely to attract criminals. The main objective is to minimize the possibility of a successful cyberattack.
A sample mitigation tactic would be to identify key financial data assets and software applications (e.g., cloud finance solutions) and their relative vulnerability.
Step 2: Respond
Clarify the plan of action by highlighting roles and responsibilities in the case of a successful breach of financial data. Highlight the quickest possible resolution(s) when the organization faces a cyberattack.
A plan objective might be to designate a point of contact to whom all finance employees can report any cyberattack instances and a “first responder” in finance, e.g., the chief accounting officer, to analyze the exact financial impact of the attack.
Step 3: Review
Set governance policies that encourage regular check-ins on the health of the cybersecurity measures in place for finance processes to make sure the organization remains prepared for evolving threats to its financial data and for new workplace realities.
One plan objective might be to create a cross-functional team from finance, IT and risk/audit that submits regular reports on the state of financial data security.