Cyber threats are multiplying, and businesses are the major targets. Statistically, small businesses are more likely to get attacked: 43% of all cyber threats target small businesses.

This is not white noise. There have been certified reports of businesses losing huge sums of money due to cybersecurity breaches. In the face of all of these, what are businesses to do? 

Panicking does little to help. Rather, a deliberate commitment to learning about these cybersecurity threats is a great start. Afterward, you can implement strategies that will protect your business from these attacks. This article aims to brief controllers and major business decision makers on the details of cybersecurity.

Why are Businesses Getting More Attacks Recently?

  1. Most businesses are turning to internet-regulated platforms, which exposes them to risks. This is, in part, because some business owners may not be as tech-savvy as they should be. Hence, they present easy prey to hackers and internet fraudsters.

Another subset of people that can be affected by porous cybersecurity infrastructure is clients. Clients automatically become compromised when they use online business systems without adequate protection. For instance, a client could get attacked by malware or spyware simply by clicking on a link supposedly from a business they patronize. 

  2. Regulatory standards are continuously changing. Regulatory platforms in the United States are turning to internet-enabled systems to monitor companies. However, the intricacies can be confusing for business owners.

Moreover, the transition to online platforms could leave business owners vulnerable. When they use web-based systems, they leave information about their businesses there and remain open to being targeted or even hacked.

  3. Hackers are getting more sophisticated. Cybercriminals now have organized structures and even have networks across several countries. They are growing innovative, and this is obvious considering the types of attacks that they now carry out.

Typically, they stalk businesses for months to design attacks that are specific to each one. Deepfakes, sophisticated ransomware and malware are the commonest forms of attack.

Attacks are also getting harder to predict, and it is more difficult to apprehend cybercriminals today, considering the several military-grade firewalls that they hide behind.

With these threats, there is a need for businesses to grow awareness of cybersecurity trends and ways to stay safe. 

Although a controller’s realm of operations is mainly accounting, learning about cybersecurity will help them identify loopholes, detect when an attack is happening, and properly advise the risk officers in charge of eliminating cybersecurity threats.

Key Things a Controller Should Know About Cybersecurity

Although cyberthreats look nothing like a balance sheet, there are a few things that controllers should know how to do to curb this corporate menace.

Identify Loopholes

Every controller should identify what parts of their company’s financial systems are most vulnerable to attacks. This requires a careful look at the overall structure of the business. Detection of loopholes will help in the elimination of threats. This is because it would necessarily translate to proactive policies that prevent the attacks even before they arise. 

In determining the weak links in the company, the controller has to recognize the peculiarities of their company. Entities that have a strong internet presence, utilize cloud-based storage systems or retain clients’ data are more vulnerable than others. Hence, controllers of such companies need to do a thorough sweep of their systems and processes.

Create an Insider Threat Assessment

Sometimes, the cybersecurity threats can be internal. This could be inadvertent due to mistakes from employees. However, some employees could be compromised and work with cybercriminals themselves. Therefore, the controller has to designate a threat risk level for everyone in the financial system.

Set Up Response Mechanisms

Working with security experts within the firm, controllers need to develop response mechanisms for the event of a breach. Here, the controller designates roles and responsibilities and stipulates the processes that kick in in such situations.

Typically, the controller decides who the first point of contact is. This is often the Chief Financial Officer, who then escalates the situation and resolves it where necessary. 

Compliance with Regulations

Regulations to prevent cybersecurity breaches and protect clients have become stricter in recent times, and they keep multiplying over the years. Controllers need to identify these regulations to make sure their companies are compliant. Regulations vary across jurisdictions, so companies with a presence in multiple countries need to heed the regulations of each one, and the controller has to be familiar with all of them.

Compliance ensures that clients do not fall prey to the breaches the regulations are supposed to guard against. It also makes sure the company does not run afoul of the law. Penalties for noncompliance can range from monetary fines to complete closure of the business.

Post-attack Response Mechanisms

Even after implementing the best practices, cybersecurity breaches could still arise. The controller needs to set up mechanisms to preempt and prevent an attack and develop possible pathways to explore if attacks happen. Here, controllers need to prepare for how to protect clients’ information on their systems, cordon off the remaining financial systems and make sure financial records are safe.

Controllers also need to work with the firm’s legal team to clarify what to do when a breach occurs. If breaches occur, affected clients would most likely institute legal action. The controller has to allocate some part of the firm’s budget to fighting these legal claims. Taking out insurance coverage might also be a good step here. How susceptible the company is to an attack will generally inform how much the company sets aside for such emergencies.
