It’s a company’s worst nightmare: a data security breach. In a moment, confidential, client-specific and your organization’s financial data is compromised by someone hacking into your seemingly secure computer system. A security breach presents a challenge to all businesses; and while we hear about large businesses that are affected (Target, Home Depot, etc.) SME’s are at-risk as well.
Security breaches affect everyone, but no one feels the pain more than the company’s CFO. The Finance Executive’s role is changing, adding IT and further data management functions under their purview. In addition, security breaches take a direct hit to the bottom line. In the Ponemon Institute’s 2015 Cost of Data Breach Study (sponsored by IBM) the total average cost paid by organizations is $6.5 million, with an average cost for each lost or stolen record containing sensitive and confidential information being $217.
This is significant; and as cyber security attacks continue, the CFO’s role in assessing risk and preventing costly breaches will increase. How can finance executives prevent the likelihood of a security breach?
Security Breach Opportunities
It’s important to mention the ways that financial and/or personal data can be compromised or stolen from your company, specifically as it relates to your traveling employees.
- Information stored on laptop computers can include confidential product or business data, personal and financial employee information or your client’s company-specific information.
- The use of Wi-Fi in airports presents a risk for travelers, as hackers have the ability to access data through this connection.
- Simple equipment theft is possible. Stories abound of business travelers losing their laptop because of perceived security checks, when in reality, opportunistic staff are simply taking advantage of their “official” access to your information.
- Open booking is a prime example of travelers and businesses putting their companies at risk. When travel is unmanaged or undermanaged in an organization, employees are more likely to book travel outside of your business’ travel management system. This not only increases the cost of travel, but presents a security risk for your traveler and your business. Employees going through online websites need to enter their personal and financial information online, sometimes multiple times. The personal and financial data, and the itinerary of your travelling employee is now at a much higher risk for theft through the use of this open booking process.
Security Breach Prevention
Regulations regarding data protection are ramping up. The 2016 Finance Priorities Survey states, “Regulations and regulatory oversight concerning cybersecurity and information privacy undoubtedly will increase worldwide, which will place further burdens on finance functions to ensure they are in compliance with new requirements for information security and data management.”
It's critical for finance executives to take steps now to mitigate the risk of a security breach. By doing so, your organization will stay compliant with impending regulations, and in turn safely control your company’s essential financial and personal data.
Following are six ways to maintain control of your business’ most important information.
Ensure your critical information is well-protected
All data within your business is important, but there are certain categories that merit specific attention. What are the critical pieces of information that if compromised, create the biggest risk for your business? Thorough assessment should garner the high priority data that needs additional protection, and appropriate steps can be taken to mitigate risk.
Require travelers to keep minimal data on their mobile devices – phone, tablet, laptop – and use encryption
Your travel policy should include specific verbiage relating to how information is available while traveling. Most importantly, ensure that sensitive data is not accessible through an employee’s laptop or smartphone. Use secure VPN access and/or encryption technology to secure data that is required for client meetings or presentations. This may not prevent the stealing of your data, but will prevent the ability to read and use it.
Include procedures for data transport, storage and access in your travel policy
As mentioned above, your travel policy needs to cover this topic very specifically. Not only regarding actual transportation of financial data, but how you access it while traveling as well. Are road warriors able to use airport Wi-Fi services? Are there additional steps that need to be taken when using a hotel’s business center? Assess what policies should be in place to balance data security and traveler accessibility of data while on the road.
Embrace technology that helps prevent security breaches
Technology solutions exist for security breach prevention including encryption tools, remote data deletion and alarming equipment. Before investing in technology, assess the needs of your business. For example, online booking tools collect traveler data and house this information in a central location, preventing the need for repeat entries for each trip. Simply having the ability to pre-populate customized fields for each trip reduces the chance for data breach.
Virtual payment cards are a smart solution for protecting financial data and identity theft. The Virtual payment card generates a unique number for each transaction, and once used, becomes invalid virtually eliminating the potential for theft.
Review all third party contractors
If your organization works closely with third party contractors, it’s imperative that they are completely transparent in how they store and/or use your data. Don’t assume that their system is “the best” and if they refuse to share this information with you, consider terminating their services.
Provide protection for employees traveling to potentially dangerous places
Your employees are one of your most important assets, and protecting them while traveling is critical in the prevention of security breaches. Using your online booking tool provides detailed information on when and where travelers are going, which provide the ability to track employees and monitor potential travel disruptions or security issues. On-location security services reduce risk in potentially dangerous areas where employees must travel. Liability insurance also gives businesses protection, preventing the potential for costly lawsuits.
Security breaches will continue to happen in both large corporations and small business. It’s important for Financial Executive’s to assess potential risks, develop a plan to reduce these risks, and then implement solutions that prevent the possibility of security breaches. Specifically regarding your road warriors, developing an effective travel policy, educating travelling employees and ensuring protection of critical personal, client and financial data through technology will work to prevent the likelihood of a security breach while on the road.
As your CFO role continues to expand to include monitoring travel-related data and developing cost-effective processes to ensure compliance, following the above tactics will reduce the risk of security breaches and in turn provide control, support and peace-of-mind for your business and your travelers. What types of security breaches concern you the most and what is your mitigation strategy? Share with us and comment below!