Three things for the CFO to consider when evaluating cyber-risk for the executive management team

Last updated: 07 November 2014

The CFO arguably has the top job when it comes to assessing risk and making decisions on security investments. They have to balance investments in IT security systems and processes against many other things, constantly weighing the cost of managing cyber risk against its perceived value.

Most CFOs have the support of the CIO in evaluating all the risks associated with technology, but have they considered the risks associated with the working style of the average executive? For example:

  1. Anytime, anywhere working – is now the norm for many busy C-level executives. Mobile devices, Wi-Fi and collaboration in the cloud have freed many from being chained to their offices, letting them work flexibly or on the move. But this also poses dangers of its own, particularly with more than 15,000 mobile phones, 506 tablets and 528 laptops going missing on the London Underground alone last year. Lost devices that lack basic security measures such as encryption can result in hefty fines from the local data privacy regulators. Encrypting emails and individual devices is a good way to protect against data theft, even if the mobile phone or laptop winds up in the wrong hands.
  2. Delegation, delegation, delegation – is the secret to many senior managers’ success. Hiring personal assistants has risen steadily over the past few years as working life becomes busier and people require additional support. More often than not, intensely busy executives will give their assistants access to highly confidential, sensitive and powerful information to get the job done. As I wrote previously, we believe executive assistants should be given the same level of security protection as their bosses. This could include strong authentication to access email or sensitive documents, email encryption for confidential areas such as HR and legal, and even digital signatures to be able to sign official documents.
  3. Not enough hours in the day – to take complicated security training, rules and regulation into account. The CEO demanding an update on quarterly targets will always take precedence over crippling security processes from the CFO. Find a way to deliver security tools conveniently so that the assistant can work efficiently. Educate executive management on the risks of using unencrypted emails to send confidential information and give them the security to be free.

With the average American company alone suffering more than 16,000 cyber-attacks in 2013, safeguarding business data is one of a CFO’s most important considerations. Human error and the risks of modern working life must be considered when determining where to invest.
