Concerns around data, particularly as companies transfer massive amounts of it to the cloud, are prevalent among executives, regardless of company size or industry. As leadership’s view of cybersecurity shifts from “insurance-like” to a proactive initiative best paired with branding, many CFOs and other C-suite members are still unsure how to handle large amounts of increasingly valuable data.
Without proper security for an organization’s increasingly valuable datasets, an expensive, company-wide push to embrace technology and infuse it into operations can come to a screeching halt should a data breach occur.
“CFOs should be aware of the increasing risks of cyber threats, including the potential impact on financial performance, reputation, and customer trust,” said Gregory Hatcher, a former U.S. special forces engineer and current founder of cybersecurity consulting firm White Knight Labs.
“This includes both external cyber threats and the risk of insider threats posed by disgruntled employees or those with privileged access.”
With hybrid and remote working policies the norm for many companies, executives who implement work flexibility must be aware of the cybersecurity risks these work environments bring. According to Hatcher, remote working employees pose a higher risk of cybersecurity breaches, as many knowingly or unknowingly use unsecured devices and networks in the course of their jobs.
“Employers should implement strong security policies and provide training to remote employees on how to handle sensitive information securely,” said Hatcher. “Implementing multifactor authentication and endpoint protection are some tactics to overcome these risks.”
“Preventing employees from being on the virtual private network (VPN), unless they are actively working, is another way to minimize security risks,” Hatcher continued. “This means setting up the VPN to disconnect automatically when not in use and implementing time limits for VPN usage.”
Despite the exposure from employees working remotely, Hatcher doesn’t believe employees who work in the office are completely risk-free. “Both office and remote work environments have their unique cybersecurity challenges. However, working in an office provides better control and visibility over the IT infrastructure and employee activities, making it easier to enforce security policies and monitor threats.”
When moving critical operational components and datasets into cloud storage, organizations often fail to recognize the importance of cybersecurity during the process.
“The most commonly overlooked aspects of cybersecurity when transitioning to cloud operation and storage are the cloud provider’s security protocols and compliance requirements,” Hatcher said. He also mentioned the need for employee training on how to securely access and handle cloud data, as well as the potential risks of third-party integrations.
Hatcher still recommends executives transfer data sets to the cloud, but with cybersecurity as a large consideration during the process. “I recommend organizations transfer data to the cloud as it provides better security, accessibility, and scalability,” he said. “However, it’s essential to choose a reliable cloud provider and ensure compliance with data protection regulations. Keeping data in-house can be risky due to limited resources and potential vulnerabilities.”
For a CFO who is starting to allocate toward technology and cybersecurity or for a leader whose company’s technology incorporation has far outpaced their cybersecurity allocations, initiatives toward data protection start from within. “A good first step for a company lacking in cybersecurity is to conduct a comprehensive risk assessment to identify potential threats and vulnerabilities,” said Hatcher. “This should be followed by implementing security policies and protocols, employee training, and regular security audits and penetration testing.”
“It’s essential [for CFOs] to prioritize cybersecurity investments and ensure compliance with data protection regulations,” Hatcher continued. “Maintaining a proactive approach to threat detection and response is also crucial to identify and address potential threats before they result in significant harm.”
Keeping internal or important information from getting into the wrong hands is another element of security. Based on his military intelligence experience, Hatcher explained how organizations should approach the problem of keeping important information inside leadership circles. He suggests using both old and new technology as a way to assess the integrity of employees, and their ability to be in the know on important company information and trade secrets.
“To assess employee trust and gauge their ability to handle sensitive information, executives should conduct background checks, perform regular security training, implement access controls, and monitor employee activities on a need-to-know basis,” he said.