What Your CFO / Controller Should Know About IT Security


In many video games, players have “lives” that determine the duration of the game. Similarly, organizations have Controllers looking to save not “lives” but “funds.” However, too much emphasis on reducing costs can cost more in the long run, especially as it relates to information technology.

One decision each Controller makes is whether to manage IT in-house or to outsource the role. Given the fast pace of changing technology, many companies choose to outsource. Choosing to engage with an IT Managed Services Provider like IT Radix often increases cost savings. It also makes it more likely that the organization will stay on top of technology, ensuring ongoing gains in productivity and security. Keeping IT in-house increases control and costs and dramatically reduces flexibility, especially regarding IT security. Here are some key things Controllers should know about IT security:

The Importance of Upgrading Regularly

Sometimes the simplest and least expensive ways of accomplishing things are forgotten too quickly. Updating and patching existing hardware and software and purchasing new equipment regularly is one of the most basic things that can be done to ensure data protection for your organization. Far too many new clients have tried to save on information technology costs by sticking with old equipment or expired software. Cybercriminals are on the hunt for older equipment that is “end of life.” That one outdated PC used once a month by the spouse of the business owner could be the gateway that the bad guys need to infiltrate a network. We’ve seen this happen. Budgeting for updating all hardware and software makes everything run more smoothly. So, when it does come time to update things — often due to a compliance issue or a requirement from a client — the adjustment costs are modest. We encourage clients to budget to replace 20–25% of their technology asset investment yearly. That way, they are never too far behind, and they can easily move the latest, greatest, and newest hardware to those areas of the business that require it.

You Must Have a Security Plan

As the key financial officer of a firm, it is imperative that the Controller have specific cybersecurity policies and plans in place, including a Business Continuity Plan in the event of a natural or criminal disaster — a comprehensive strategy to safeguard finance processes and important company and client data. Engage a cross-functional team that monitors policy compliance and submits regular reports on the state of financial data security.

  • Charge the team with identifying the areas in finance and other business/operational processes that are most vulnerable to attack or of interest to criminals.
  • Identify roles and responsibilities of key staff members in case of a successful financial data breach.
  • Monitor the success of the plan with regular tests of the cybersecurity measures in place for finance processes. Confirm all are prepared for evolving threats in the dynamic world of cybersecurity.

Breaches Cost More

Saving money on IT can be the result of good planning and ongoing maintenance. Letting old equipment run that one extra year might look like a smart option, but it exposes your organization to an attack or a breach. The costs of such a disaster will dwarf any savings you may have enjoyed.

Let us know if you need help running the numbers. Contact us today!