A recent survey sponsored by document management firm RR Donnelley and published by CFO Research found information security often takes a backseat to productivity. For tax reporting, the survey findings have serious implications, as security breaches could lead to the loss of tax identification numbers (TINs) and other sensitive data.
The researchers surveyed 153 senior finance executives at U.S. companies. Only 33 percent of respondents said their companies had a comprehensive cybersecurity strategy for financial data that spanned the enterprise. Additionally, 80 percent said their companies do a poor job of communicating security policies throughout the organization.
“We have a fairly robust set of controls in place,” one treasurer from a financial services firm told CFO. “The one thing we need to do more of is training and updating employees so that we can be more confident that the rules are being followed.”
Employee education tends to be the foundation of any cybersecurity policy, and employees and partners should often be reminded of best practices and risks, Cite World reported. Data encryption and other safeguards are of little use if staff are falling prey to phishing scams and other cyberattacks.
Risk management culture is necessary
The researchers concluded the key to addressing cybersecurity concerns and mitigating risks is to create a corporate culture that understands what needs to be done to prevent breaches. This task starts with senior staff.
“Better leadership in finance and IT [is needed],” one CEO who responded to the survey said. “These departments are supposed to serve the business.”
The researchers pointed to CFOs as the ones who must champion the creation of a corporate culture of safeguarding financial data. The process starts with collaboration between these executives and the IT department to lay out policies that are easy for employees to understand. Then, the rules must be communicated to employees.
However, the task doesn’t stop there. CFOs must ensure senior management regularly reminds staff of the policies and monitors the performance of those rules. These executives must also make certain they are adhering to the guidelines themselves to model best practices.
It is important to remember cybersecurity is no small consideration, as there are consequences besides monetary losses, ITWeb reported. These could include a poor reputation among clients, partners and investors.