Skip to main content
close search
site logo
Wayne Spivak's headshot
Wayne Spivak President & CFO

Under cyber siege

Asked on July 24, 2013

In Treasury Today

"Cyber risk is a growing concern for businesses. But how can a treasurer help to manage this risk? In this article, we examine the nature of threat faced by companies today and the practical steps that can be taken to prevent and minimise the damage of a data breach."

 

How concerned are you?

Answers

Gordon Coyle's headshot
Gordon Coyle CEO • July 24, 2013

Wayne -

Interesting topic; even though the risk of cyber liability and damage is so prevalent, many privately held business owners choose not to purchase cyber coverage in their insurance program. Managing the risk of course involves IT - firewalls, updated software, and the like, but much of it involves employee education to reinforce the dangers of opening emails from unknown senders, clicking links, or opening attachments. Password management is also critical, but when all of that fails, cyber insurance is a broad backstop to protect the business from first and third party losses.

Bob Scarborough's headshot
Bob Scarborough CEO • July 24, 2013

There are a number of risks specific to the treasury function that could be addressed.
1) Remote banking - ideally your bank access will be secured by a password token or something else that’s above and beyond standard encrypted access. One time password tokens are fairly standard from banks, along with ability to manage security and/or access for online banking.
2) Safe Pay or Positive Pay functionality should be part of your ERP and banking process. These systems send electronic data to banks on the checks you have officially issued, helping to catch any check fraud more easily.
3) Other electronic processes that are helpful for catching suspect activity include eBanking – or integration of your banking with your ERP system (so unmatched or unexpected activity pops quickly) as well as control of any electronic payment or deposit tools you are leveraging.

Beyond the risks specific to the treasury function, there are risks to the finance function as a whole, along with broader risks to the company. For the finance function, this is an area where cloud based systems – either public or a private cloud options – often help. In truth, most cloud platform providers have far more security team on staff - and far deeper security expertise - than most companies will ever maintain in-house. I recommend looking for an ISO 27001 certification in addition to the SSAE 16 or ISAE 3402 certifications, as well as permission from your provider to do additional security testing.

People have started expressing broader concern about cyber security, from basic internet access to electrical and telcom systems. It’s impossible to prepare for all alternatives, and taking time away from positive growth opportunities for your company shouldn’t be sacrificed. At the same time, reasonable preparation and thoughtful review of your risks and options is important.

Insurance can help with the financial risk, so a review of current insurance needs is also a good idea. However, no amount of insurance can compensate for the business disruption that can occur if your systems security is breached.

Want to join the conversation? Submit an answer or ask a question by emailing us at [email protected]

Submit an answer
Filed Under: Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell