Is Managing Cybersecurity Risk on Your Resume?

By Joel White, CPA, CGMA, CISA, CIA, CFE; Senior Director – Internal Audit, Risk & Compliance, Association of International Certified Professional Accountants

Cybersecurity is a critical risk, given businesses’ increased reliance on technology. Now more than ever, companies need to bring their key functions and leaders together to tackle this complex issue.

Beyond dealing with the financial aftermath of a breach, finance and accounting professionals can add a lot of value when it comes to preventing cyberattacks. Managing cybersecurity risk needs to be a partnership among an organization’s technology team, finance team and others who manage sensitive data, such as human resources and research and development.

Here are three ways you can add value to this partnership:

1. Know what’s most important to protect.

Rather than spending your limited time and money protecting every bit and byte your company manages, consider which assets are the most valuable – and therefore most important to protect from cyberattacks.

Finance and accounting professionals are often the primary users of valuable data. That means they have insight into where an organization’s high-value data is located, who has access to it and how this data is secured. The data could include merger and acquisition information, archived credit card data from an old system, research and development data, or monthly financial reports. By identifying the most valuable assets, finance and accounting professionals can then help identify how that data could be targeted by hackers. This analysis will go a long way in making sure you protect what matters most.

2. Understand your organization’s environment and policies.

While configuring firewalls may be a reach, accountants can play a key role in developing an environment that supports cybersecurity efforts. This includes:

  • Leading and participating in the development of key policies (e.g., data classification, incident response plans, data retention, acceptable use, logical access)
  • Developing training and awareness efforts
  • Evaluating and making recommendations on funding cyber initiatives, cyber insurance and risk assessments
  • Reinforcing a culture in which security is at the forefront

Additionally, end users are often the weakest link, and emphasizing the importance of good security hygiene goes a long way toward building a better cyber defense. Many of the accounting fundamentals around completeness and accuracy, risk management and internal controls play a critical role in the cyber conversation, too.

3. Provide assurance that an organization’s cybersecurity framework is effective.  

Today, customers, boards and key stakeholders expect companies to have a strong cybersecurity program in place. Finance and accounting professionals can provide this type of assurance. We recently released a flexible cybersecurity framework that can help staff effectively communicate how an organization is managing cybersecurity risk.  Whether an organization’s cybersecurity program is in its infancy or it already has robust cybersecurity processes in place, bringing in an independent party to validate their cybersecurity control environment is an important step toward preventing cyberattacks and adding value to an organization.

Accountants have a lot to offer in designing and maintaining an effective cybersecurity program. Given the impact cybersecurity breaches can have, taking a holistic approach to cybersecurity is key to an organization’s success. To learn more about accountants’ roles in preventing cyberattacks, visit this cybersecurity resource center from the Association of International Certified Professional Accountants, the new global organization launched by members of the AICPA and CIMA last year. If you’re more of a visual learner, watch the video below or check out a Facebook Live interview I did on the subject.

Cybersecurity: where you can add value with Joel White, CPA, CGMA, Senior Director – Internal Audit, Risk & Compliance

Posted by CGMA on Friday, October 27, 2017