As the size of our data collection grows, so too does the need to keep that information secure. We’ve seen the headlines of companies falling victim to many kinds of cyberattacks. One well-known case is that of SolarWinds, which was tricked into sending out malware to its partner network. The misadventure cost the company $40 million over the ensuing nine months, plus 11% of its annual revenue (or about $12 million per customer).
Even if a company does not suffer a data breach, it is still at risk of being fined by various regulating bodies for data security non-compliance, network vulnerabilities, and other data hygiene missteps.
Beyond the potential for major financial losses due to poor data management practices, there is also the cost of unnecessarily wasting resources. One of our research studies that surveyed IT decision-makers at 600 global enterprises found that more than half of those companies had been cited in the last 24 months for failing to comply with data protection laws. In addition, two in five enterprises surveyed were wasting upward of $100,000 per year storing useless IT hardware because it held sensitive data.
The responses showed that companies are stuck in a state of fear of reputational damage, with the primary risk being that sensitive data stored on old IT hardware could be breached or misused. Yet, that is a high cost to pay to avoid dealing with the problem at hand.
What is the role of CFOs when company policy on data management and data security develops within the IT department but may end up in the finance team’s lap down the road?
Finance leaders need to start collaborating with IT departments to mitigate the risk of costly fines and the potential impact of a data breach. Finance also needs to ensure that resources are not wasted on device storage. Understanding areas of vulnerability is a great place for CFOs to start. Even though it may not be in the CFO’s comfort zone, it’s important to have a cursory view of what the company considers potentially problematic from a security risk standpoint and a resource usage standpoint. Then, work hand in hand with the IT team to ensure the finance voice is heard in identifying priorities throughout the company’s policy reviews and updates to data security protocols.
CFOs can also join forces with their IT counterparts to elevate security procedures as part of the company ethos (without detracting from employee productivity). Incentivizing employees to be mindful of data security and data management policies that could lead to financial impacts is one way to jump-start this effort. Employees can be encouraged (1) to report inefficiencies or problems that might lead to incurring costs and (2) to propose cost-saving ideas and improvements. Wider education will help employees maintain a standard of corporate data best practices. Another way to rally around this cause is to designate some employees to be data security ambassadors.
When approving IT expenditures, CFOs have a great opportunity to ensure the emphasis is on data management projects that reduce financial risk and prevent waste of resources. For example, it may be worth investing in the establishment of a single sign-on for company employees. A single sign-on allows access to company data to be quickly turned off upon an employee’s departure.
In general, tools that speed up the response time to vulnerabilities and reduce the attack surface — and hopefully stop breaches before they happen — are worth prioritizing. Freeware for data sanitization exists, but enterprise-grade tools provide assurances, such as certificates of erasure, which equate to less risk. Also, automating the different stages of data management processes not only increases productivity but can also significantly expedite the recycling or disposal of assets, mitigating storage issues and security risks.
Deploying programs and tactics to ensure IT equipment is handled securely doesn’t end at the edge of the company’s network. When considering new suppliers, CFOs should ask the right questions about data hygiene and data security practices. A company’s technology supplier choices can impact outcomes around data breaches. That’s why understanding, assessing, and perhaps getting an opinion from your company’s IT counterpart on partner security practices is important when forming external relationships. Doing so can help eliminate unnecessary data breach risks. Some companies even go one step further and hire ethical “white hat” hackers to test for vulnerabilities in their networks.
In assessing the financial repercussions of inefficient data management practices, it is highly beneficial for senior-level finance executives to work together with the company’s IT team to jointly develop processes that create financial synergies.
Adam Moloney is CFO at Blancco Technology Group, a data erasure and mobile lifecycle solutions provider.