Technology & Innovation

Cybersecurity and the cloud: What CFOs need to know

CFOs, learn how cloud technology can help to overcome cybersecurity challenges plus discover steps to take to start your cloud journey.

Cybersecurity is the sole responsibility of the IT team. Wrong.

Cybersecurity is everybody’s responsibility, especially as it’s people who can be weak links when it comes to securing your business. Whether you’re talking about phishing, malware or data leaks, it’s often the mistakes of people that causes problems.

When it comes to cloud security, the problems don’t generally come with the technology—cloud infrastructure can be at least as secure as enterprise data centres.

Your issues will come if the cloud is poorly implemented, and adopted without securing your usage.

Your people need to understand their responsibilities when using cloud infrastructure, while your business should adopt processes that protect users from themselves.

Here’s what we cover in this article:

Challenges of remote working and cybersecurity

Why cybersecurity is an essential consideration for CFOs

How cloud tech can help to overcome cybersecurity challenges

Steps for CFOs to start their cloud adoption journey

Final thoughts on cybersecurity and the cloud

With the massive increase of remote working that resulted from the coronavirus pandemic, your security risks may have grown. Your employees are more likely to share data across personal computers and other devices, including financial data.

Ideally, your business should have confidentiality policies, including advice on how employees should securely store documents.

Sally-Ann Hall-Jones, CEO at Reality HR, says: “You may need to discuss with your IT provider whether the system is as secure for remote workers as it is when they are office-based.

“Home broadband connections are often less secure than business-grade ones, so you may wish to consider the use of a Virtual Private Network [VPN].”

However, some businesses may have cut corners in a hurry to provide employees access to remote work through the cloud.

According to a survey of 500 UK finance professionals conducted by Sage, 64% said they prioritised ensuring flexible access to company systems over managing security concerns.

Susan Cummings, CFO of DCSL GuideSmiths, a UK-based software developer, says: “When Covid happened, and people had to shift to working from home, security naturally slipped down the priority list.”

Many businesses will continue with remote working, which means you’ll need security solutions that can adapt to a mobile workforce that depends on a suite of tools.

With more financial processes running remotely through the cloud, as a CFO, you’ll need to support the development of security measures specifically for the finance function.

A recent Gartner CFO survey found that nearly three out of four CFOs intended to shift at least 5% of previously on-site staff to permanent remote roles after coronavirus. Many of your finance processes already running remotely may have some of your company’s most sensitive information, such as customer and supplier financial data.

You oversee some of the most valuable data in your organisation, so security should be a priority in everything you do. If your business gets hacked, and your customer data gets stolen, it might be on you to explain what happened and why there wasn’t enough money (or time) spent on getting your cloud systems secure.

With finance teams particularly vulnerable to cyberattacks, anyone in the CFO role will want a firm understanding of new IT security issues, risks, and the legal frameworks involved.

Alexander Bant, chief of research in the Gartner finance practice, says you shouldn’t ignore new security vulnerabilities, but neither should you go it alone.

He says: “CFOs especially need to collaborate with both IT and risk managers to make sure new cybersecurity risks stemming from the adoption of remote work don’t outpace the policies designed to protect vulnerable data.”

Threats that CFOs should guard against when it comes to financial data include:

1. Phishing attacks

Phishing attacks are methods designed to trick employees into giving up sensitive financial information, usually by email, but can expand to voice calls and text messages.

2. Malware

Malware is a term used to describe malicious software, files or programs designed to harm and disrupt computers.

3. Data leakage

Valuable financial data can leak through office and home internet connections using laptops, PCs, mobiles and tablets.

Cloud solutions configured correctly can be more secure than on-premise solutions.

Cloud providers typically guarantee the safety and security of their platforms and offer their users additional safety measures, such as password protection, encryption and access limitations based on user profiles.

Users can also benefit from 24/7 monitoring and dedicated cybersecurity teams trained to rapidly identify and respond to potential threats, reducing the impact.

However, you should ensure that cloud providers are supporting your specific requirements.

There are differences between cloud providers, big and small, so you should be prepared to ask hard questions about how they are protecting your data and infrastructure.

Don’t simply put faith in what they say. They should at least provide evidence and case studies of the good work they may have done.

Because remote working involves user-managed devices and remote access, don’t adopt cloud software without knowing exactly how users can access it, what they see, and how you can manage them.

One of the enormous security benefits of cloud applications over on-premise solutions is the ease with which you can patch and upgrade software.

With new threats constantly emerging, cloud providers only need to send one fix out to multiple users if there is a vulnerability. Users will always have the latest and most secure versions of the software.

But remember, the cloud tech you use is only as secure as your people.

If your employees leave out passwords publicly or click every link on their emails without thought, no technology will help. Train people up, educate them, and make sure they have a security-first mindset.

1. Identify your goals

Get a solid understanding of how cloud software will improve your business. If you’re looking to automate your financial processes, determine what processes will they be, and how much time will be saved.

The more tangible the targets are, the more buy-in you can get from the rest of the company.

Having measurable key performance indicators (KPIs) will help here.

2. Audit your existing infrastructure

It’s best if you understand which of your processes are working well before making mass changes.

Implementing cloud software can be a complex process, so a good audit will help you prioritise your cloud initiatives and detemine which systems and apps you should migrate first, based on the amount of value they offer your business.

3. Communicate with your employees

Before you get buy-in, you need to let your finance team and the wider organisation know what the cloud will do for them.

You need to communicate throughout the whole process. Remember that your employees play an essential part by following security best practices.

4. Get the right support

You’ll need to speak to cloud providers and ask the right questions.

What is their reputation for security and compliance? What kind of support will they give you?

Work with senior management, IT teams and other departments to get what you need and consider getting external support to ensure you’re successful in the long term.

Unfortunately, you may have heard a few security myths still making the rounds.

One of them is that cloud systems are less secure than keeping your data on-site, which is quite an old school way of thinking. In the Sage research, 22% of non-cloud ready respondents say fears about compromised security are their biggest barrier to cloud adoption.

Yes, when firms suffer breaches of customer data and sensitive business information, it does tend to be a big deal. But in most cases, it’s a failure of management and implementation by the business involved, which tends to be the problem.

Moving your finance systems to the cloud will improve protection, while creating a more flexible work environment to support workers—regardless of their location—and help them avoid any mistakes that put their data and the business at risk.

This content in its original form was paid for by Sage and produced in partnership with Longitude, a Financial Times company.

The digital CFO

CFOs, discover why digitalisation should be your top priority and see why investing in automation and the cloud will help your business stay ahead of the game.

Download the report