4 April 2023
Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine
Ensuring the safety of a company’s financial data is crucial as financial data contains sensitive information such as bank account numbers, credit card details, and transaction records. A data breach can lead to significant financial losses, legal issues, and damage to a company’s reputation. A loss or breach of financial data can disrupt a company’s operations and cause significant downtime. This can result in lost revenue, missed opportunities, and damage to a company’s reputation.
Customers, investors, and other stakeholders expect companies to protect their data. A company that fails to safeguard its financial data can lose the trust of its customers and damage its reputation. To ensure the safety of a company’s financial data, businesses should implement robust security measures, such as firewalls, antivirus software, and encryption technologies. Additionally, companies should develop policies and procedures for data access and use, train employees on cybersecurity best practices, and conduct regular security audits and assessments.
To find out more about the cause of data breaches, the best practices against data breaches as well as the policies organizations can implement, DigitalCFO Asia spoke with Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine.
The Rise In Number Of Data Breaches In The Pandemic Period
The rise in data breaches during the pandemic can be largely traced to remote work, as businesses were forced to pivot their operations online. With 64% of organizations reported to have moved into more cloud-based activities since the pandemic, this inherently extends organizational network perimeters and entry points for threat actors, rendering businesses more vulnerable than ever to cyber threats.
Apart from the increase in data migration, the remote work model created room for opportunistic cybercriminals. According to a 2022 report by Verizon, 82% of data breaches involved human error, which includes social attacks and misuse. As employees use personal, unmanaged devices or unsecured networks to access business-critical platforms, this leads to a higher possibility of compromised credentials and exposure of sensitive data.
The Best Practices In Safeguarding An Organization’s Financial Data
“A proactive approach should be taken towards safeguarding financial data. The first line of defense would be to invest in cybersecurity solutions,” says Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine.
Advanced data collection and analysis solutions include security information and event management (SIEM) and AI-driven user behavior analytics (UEBA) to help organizations gain full visibility of one’s IT operations. A robust automated response system is key to protecting one’s data, considering the environment of remote work over shared networks. It is also notable that organizations that adopt a zero trust approach face lower data breach costs compared to organizations that do not. This would see them operating under the assumption that user identities or networks may be compromised, hence requiring authentication before being granted access to any application and data.
In addition to software, employees play a critical role in the data protection chain and fight against cyberthreats.
“It is important to invest in your employees, by incorporating cybersecurity awareness and education across all levels,” says Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine.
With cybersecurity training, employees will be equipped to recognize security threats such as identifying red flags and concerns, and understanding how to handle a data security compromise. This would better equip them to detect, prevent and protect the business from malicious activities early.
Unique Policies That Organizations Can Adopt/Implement To Minimize The Chances Of Data Breaches
Organizations can leverage automated solutions, such as account reconciliations, journal entry automation and high volume transaction matching, to minimize the F&A function’s exposure to the risk of data breaches. For example, with high-volume automatic transaction matching, AI and machine learning technology is able to match transactions across areas like PO to invoice, banks to accounts receivable and credit cards, which allows F&A teams to match entire transactions easily and quickly root out and act on any anomalies. This also allows for F&A teams to cut down on spreadsheet use, reducing the risk of sensitive data being left out on file shares, and accidentally shared with third-parties.
“With cloud technology now becoming the backbone of the new finance technology landscape, organizations thinking of making the shift to cloud can make use of the opportunity to upgrade and strengthen their cybersecurity posture,” advised Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine.
A robust cloud solution is essential to prevent data loss, and can help the organization maintain compliance with data privacy regulations. The key is selecting a solution vendor that has the right security, controls and resources in place to safeguard the organization’s data and processes. Ideally, organizations should select solutions that not only meets the most rigorous security standards, but reduces cybersecurity risk by eliminating manual accounting processes altogether.
The Rising Trends In Data Protection & What Data Protection Will Be Like In The Next 5 Years
Cybersecurity continues to be top of mind for many organizations and is increasingly a priority for business leaders.
“We’re seeing cyberattacks increasing in frequency and expanding in scale, as cybercriminals employ more sophisticated modes of attack to commit financial or customer data theft. From leaked spreadsheets, exposed databases, unpatched servers to errant logins, there are many ways that an organization’s sensitive data can fall into the wrong hands,” says Mike Polaha, Senior Vice President, Finance Solutions and Technology, BlackLine.
One of the trends is that data volume is growing and data sharing practices are increasingly commonplace, which means that traditional tools and approaches to secure data may no longer be sufficient. In the next five years, F&A leaders will need to work together with their Chief Information Security Officers (CISOs) and IT teams to review existing data controls and processes, to ensure that current protocols are able to meet the demands of the modern data stack.
At the same time, many are seeing the role of cybersecurity is increasingly falling onto the shoulders of finance leaders. Many now have the responsibility of enterprise-wide operational risk management, and are involved in monitoring data security, privacy and governance related to all finance and accounting data and activities. F&A leaders increasingly need to have a keen understanding of cybersecurity, and be comfortable getting into detail on any cybersecurity investments, policies and procedures when working with prospective cloud providers.
On the vendor side, privacy by design is also increasingly becoming a given in new products and services. More and more vendors are embedding privacy into the designs and operation of their IT systems, network infrastructure and platform right from the product conception stage, to provide sufficient protection over sensitive data.
