Cybersecurity – are we really ready?
Cybersecurity is the biggest single issue relevant to businesses of all sizes, from SMEs to multinationals and a crucial area that finance professionals must balance risk and control of. Data breaches are huge issues for senior executives who must guard their organisations from such threats.
Breaches in cybersecurity can result in a loss of customer information, trade secrets or other confidential assets, which can ultimately affect corporate reputation, financial performance and competitive advantage. These are only a snapshot of the problems businesses can face as a result. Because of the nature of cybersecurity, authorities and governments are best placed in using their resources to raise awareness among
businesses, and to put resources in to creating mechanisms to catch perpetrators.
Finance professionals can assist them and taking steps to protect their organisations through being aware of legislation and taking steps to limit breaches. Businesses have to take the lead as they need to be aware of the value of the data they hold, the value in protecting it, and the damage that can be done if they fail to do so. Stolen data is used in all sorts of ways – for example to predict purchasing and money transfer patterns – criminals can use this information to commit fraud. A basic rule of thumb is that if there
is value in the data to a criminal then there is value in protecting it. Sadly, because data is digital it can be replicated over and over again, potentially before the businesses is even aware. Leaders of the Inter-American Development Bank (IDB) and the Organisation of American States (OAS) have assessed the Caribbean’s vulnerability to cyber-attacks in the 2016 report titled: Cybersecurity: Are We Ready in Latin America and the Caribbean?
It found that the awareness of cybersecurity strategies was increasing across the region, especially in Jamaica and Trinidad and Tobago. Jamaica released a comprehensive national cybersecurity strategy on January 28, 2015, through creating a national Computer Security Incident Response Team (CSIRT). A CSIRT is defined as a team or an entity within an agency that provides services and support to a particular group (target community) in order to prevent, manage and respond to information security incidents. These teams are usually comprised of multidisciplinary specialists who act according to predefined procedures and policies in order to respond quickly and effectively to security incidents and to mitigate the risk of cyber-attacks.
There are hundreds of CSIRTs in the world that vary in mission and scope. According to the report, Trinidad and Tobago will officially launch the country’s first national CSIRT this year, which will work closely with the Organisation of American States, International Telecommunications Union and other international organisations to develop incident response capacity. But there’s still a way to go to for these two countries and others across the region to improve their standards. For many businesses there are obvious risks regarding ineffective cybersecurity such as disruption of supplies, sales and the loss of cash, but two other areas stand out: Potential legal action from individuals and companies for loss of their data by a business Reputational damage, which can spell the end of a business. Businesses must make sure their staff are aware of the risks and how to protect against them.
Some simple steps that businesses can take to help protect their businesses include: Keep cybersecurity front of mind - regular training and visual reminders around the office. Never reveal your bank account security information on a website or over the phone. Require two people to set up or authorise any high-value payments. Ensure your systems are up to date. At a minimum: do not use Windows XP; Internet Explorer v8 or run your systems on Microsoft Server 2003. Ideally do not use a free email account such as Gmail, Hotmail or Yahoo mail, or share documents with Dropbox (unless the document is encrypted first). Do not access confidential information on an insecure (unpassword protected) Wi-Fi network.
Nearly every business relies on the confidentiality, integrity and availability of its data. Protecting information, whether it is held electronically or by other means, should be at the heart of the organisation’s security planning. As cybersecurity strategy and business operations further align, finance professionals can protect their organisations better for the future.
Comments
"Cybersecurity – are we really ready?"