What Your Controller Should Know About IT Security
In many video games, players have “lives” that determine the duration of the game. Similarly, organizations have Controllers looking to save not “lives” but “funds.” However, too much emphasis on reducing costs can cost more in the long run, especially as it relates to Information Technology.
One decision each Controller makes is whether to manage IT in‑house or to outsource the role. Given the fast pace of changing technology, many companies choose to outsource. Choosing to engage with an IT Managed Services Provider like IT Radix often saves funds. It also makes it more likely that the organization will stay on top of technology, ensuring ongoing gains in productivity and security. Keeping IT in‑house increases control and costs and dramatically reduces flexibility, especially regarding IT Security. Here are some key things Controllers should know about IT security:
Saving money on IT can be the result of good planning and ongoing maintenance. Letting old equipment run that one extra year might look like a smart option; but if it exposes your organization to an attack or breach, those costs are enormous. Think the opposite of Nike…Don’t Do IT!
Sometimes the simplest and least expensive ways of accomplishing things are forgotten too quickly. Updating/patching existing hardware and software and purchasing new equipment regularly is one of the most basic things that can be done to ensure data protection for your organization. Far too many new clients have tried to save on information technology costs by sticking with old equipment or expired software. Cybercriminals are on the hunt for older equipment that is “end of life.” That one outdated PC used once a month by the spouse of the business owner could be the gateway that the bad guys need to infiltrate a network. We’ve seen this happen. Budgeting for updating all hardware and software makes everything run smoother. So, when it does come time to update things—often due to a compliance issue or a requirement from a client—the adjustment costs are modest. We encourage clients to budget to replace 20-25% of their technology asset investment yearly. That way, they are never too far behind, and they can easily move the latest, greatest, and newest hardware to those areas of the business that require it.
Have a Security Plan
As the key financial officer of a firm, it is imperative that the Controller have specific cybersecurity policies and plans in place, including a Business Continuity Plan in the event of a natural or criminal disaster—a comprehensive strategy to safeguard finance processes and important company and client data. Engage a cross-functional team that monitors policy compliance and submits regular reports on the state of financial data security.
- Charge the team with identifying the areas in finance and other business/operational processes that are most vulnerable to attack or of interest to criminals.
- Identify roles and responsibilities of key staff members in case of a successful financial data breach.
- Monitor success of the plan with regular tests of the cybersecurity measures in place for finance processes. Confirm all are prepared for evolving threats in the dynamic world of cybersecurity.
Let us know if you need help running the numbers. Stay tuned next month as we showcase data security and your HR staff.
As always, the IT Radix team is here to assist in adding layers of security to protect you and your business. Contact us today!
First published in our September 2021 IT Radix Resource newsletter