Cyber Security Best Practices for Your Company’s Financial Data

Cybersecurity is always vital, but in recent months it has become more critical than ever before. In the wake of the COVID-19 pandemic, hackers and fraudsters have capitalized on the disruption and increased their efforts to steal personal and business data. According to Jeff Bathurst, cybercriminals have used this as an opportunity to prey on companies that were not fully prepared to work in a completely remote environment. The pandemic quickly magnified any cybersecurity weaknesses that businesses had, and immediately after the pandemic hit, there was a 40% increase in cyberattacks. In April alone, criminals stole a staggering 220 million company and personal records.
​
But pandemic or not, cybersecurity should be a top priority for every company. Understanding where your business is vulnerable and what it can do to stay protected will help you avoid cybersecurity issues. 

---

​​Use Reputable Service Providers
Cybercriminals are most interested in a company’s financial data (or their customers’ financial data), making this an especially important area to safeguard. Ask yourself, “How secure is the work that our bookkeeper or accountant is doing?” Look at the technology platforms they are using, how they are accessing/transmitting/storing data, and their general work practices.  
​
Using a reputable accounting firm instead of a freelance bookkeeper is typically more secure because these companies almost certainly have regulatory and compliance standards in place governing their cybersecurity measures. Freelancers, however, may or may not have these same security standards because there is much more variation among these professionals.

Whether you handle your finances in-house or outsource these functions to a third-party, utilize the proper accounting controls to minimize security risks internally as well. Remember, always secure your business from the inside and the outside.

Companies with less security-savvy leadership should consider using an SECaaS (Security as a Service) company to oversee their information security across the organization’s entire technology environment.

Train Employees to Avoid Phishing Schemes
Phishing schemes are the most common cybersecurity threat because they are so easy for attackers to deploy. Last year 32% of data breaches included phishing schemes.

Remember, no employee is immune. Sales, HR, business development, and finance are common targets, but phishing schemes and ransomware do not discriminate. Educate all employees on the prevalence and danger of phishing schemes:

• Train them to be suspicious if they receive a request for something that they were not expecting.
• Encourage them to follow the “trust and verify” method. Have them get in touch with the person asking for the information before clicking on anything or sending any information.
• Require them to report anything out of the ordinary to management.

Maintain a documented response plan and follow it any time a suspected phishing scheme is reported. Once the plan is in place, regularly test employees to identify vulnerabilities in the system and make the changes necessary to close these security gaps.

Understand the Challenges of Remote Work
Many employers encourage employees to use their personal technology when working remotely, making them especially vulnerable to security breaches. Ideally, employees should not be relying on their personal technology for business use, but if your company cannot provide computers and phones to employees, have policies in place to regulate how employees conduct themselves on this technology.

Organizations must maintain compliance with their own data and their customers’ data in the office and anywhere where employees are working. Jeff Bathurst explains that remote work must be handled maturely with policies that are “sustainable, controllable, and accountable.” He urges employers to monitor and control who is accessing data, how they are accessing it, and where that data will best protect the company.

Follow General IT Best Practices
The best protection against cyberattacks is strengthening your ongoing precautions in response to new threats. Follow cybersecurity best practices, such as:

• Keeping employees behind an anti-malware firewall
• Using encrypted email or a secure platform for transmitting and accessing sensitive information
• Implementing multifactor authentication for both the cloud environment and your on-premise VPN
• Using a mobile device management software so that if an employee device is lost or stolen, access to company data or emails can be blocked
• Ensuring employee passwords are strong, updated regularly, unique, and stored securely
• Using a password manager service to generate secure passwords across accounts

Assume your company will be the victim of a security attack eventually, and plan for that day now to minimize your risk level.

Do you need to revisit the systems and procedures surrounding your accounting controls? Please find out more using our resource: Best Practices for Implementing and Updating Accounting Controls