Professional May 2018

FEATURE INSIGHT

he says. “A good consultant will first take the time to understand your business and then prioritise where your budget should be allocated and used to the greatest effect.”

Rains agrees that third parties who you share data with as an outsourcer or as a customer can help by providing you with a secure and safe method of transferring data like HMRC or BACS do. “Transferring time and attendance [T&A] data from an external T&A system using email, emailing lists to third-party creditors, emailing pension data in a csv [comma separated value] file or a spreadsheet to a pension provider or sending or receiving payroll data on a spreadsheet to/from a payroll bureau is not a safe method,” he explains, adding that secure, password protected file transfer protocol sites are required to transfer data in and out.

Getting it wrong

According to Rains, the most obvious danger of getting cyber security wrong is having your processing data held to ransom. “That’s a scary thought if you are just about to run your payroll and your systems are breached and your processing data is held to ransom,” he says, adding that it is for this reason the incoming General Data Protection Regulation is so important. “We need to make sure we take better care of our data because there are unscrupulous people out there who now see our data as a commodity and a way to get rich quick.”

Other dangers include damage to or permanent loss of data, damage to internal systems or networks and websites.

Looking to the future

So, with the threat of cyberattacks ever increasing, is cyber security an issue that will ever go away? Unfortunately for employers, this looks unlikely. “Data is already a commodity and a currency. The more data that is produced the more likelihood that this will become more of a problem,” says Rains.

Data is shifting from in-house systems to cloud solutions, although this does not mean the data is less safe – in some cases quite the reverse. But the impact of any potential cyberattack will be greater for any hacker, and the bigger the impact, the bigger the potential ransom, he explains. “It is very easy even now to buy ransomware on the dark web. You can buy it as ‘ransom as a service’ so you do not even need IT skills. You pay a fee upfront to use the software and then you take any ransom collected usually in Bitcoins,” Rains adds.

So, while ensuring cyber security may seem like a daunting task, the most astute employers will accept that doing so is an absolute necessity.

Rise of the ‘cybercountants’

As part of the 2017 cyber security month, BDO released a report (https://bit.ly/2kiZ8tA) indicating that chief finance officers are now also cyber security custodians. The report identifies several key levels of finance executives’ strategic engagement with cyber security.

• Cyber security compliance oversight engages the chief compliance officer, who is usually located in the finance department. In mid-market companies where roles are combined, it may be the finance manager who finds cyber compliance within his or her remit.

• Cyber incidents cause reputation damage which affects valuation, jeopardising a company’s position in merger and acquisition negotiations. Finance managers engaged in deal making leverage their cyber security knowledge to estimate the value of an organisation’s cyber defences, as well as the impact of a breach on overall valuation.

• Cyber supply chain risks require a coordinated effort to address because they touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions – all of which intersect inside the finance department.

• Risk managers manage the risk to the organisation, its employees, clients, reputation, assets and the interests of stakeholders. Cyber risk has made its way to the desk of the corporate treasurer who becomes a key factor in an effective and holistic cyber risk defence programme, evaluating cyber risk exposure and ensuring adequate cyber insurance coverage for non-remediated risks.

Gregory Garrett, head of international cyber security, BDO, comments: “… organisations are facing ever more stringent cyber security regulations – it is not surprising that many of them feel overwhelmed. The recruiting, staffing, training and retention of cyber security talent is a significant challenge for nearly all companies – and the global shortage of experienced cyber security professionals is expected to increase over the next three to five years. It is vital that finance, risk and compliance management professionals in public and private organisations – in particular [small- to medium-size enterprises] step up and take ownership of the growing financial responsibilities in cyber security”.

Cyber security month

The European Union’s cyber security annual awareness campaign takes place in October. Its aim is to raise awareness of cyber security threats, promote cyber security among citizens and organisations, and provide resources to protect themselves online, through education and sharing of good practices (https://cybersecuritymonth.eu/). Events in the UK for 2018 are being planned (see https://bit.ly/2EDlvij).

| Professional in Payroll, Pensions and Reward | May 2018 | Issue 40 42
