Why technology is an important part of good risk management strategies
There is a misconception that increased technology invites a greater risk of security breaches. More advanced and confusing systems, more external suppliers and the storage of more data than ever can often make CFOs nervous of technological progress.
However, in reality, the opposite is true. In recent corporate security breaches, the involvement of new technologies could have prevented the attack or minimized its extent. Technology should form a crucial part of any CFO’s risk management strategy.
So, what are the types of risk faced by CFOs running modern finance departments?
What are the risks?
Data breaches are one of the biggest risks companies face in today’s landscape. With the advent of big data technology, companies are storing more data about more individuals for longer. Whether it belongs to employees or customers, the loss of personal data, including bank account, social security and salary details, can be catastrophic for businesses.
In 2016, the number of reported data breaches in the private sector increased by 40 percent. Often this data will then be used to commit fraud. This usually takes the form of wage theft or theft from customers when bank details are obtained from a vendor or service provider.
Global businesses do not always have the luxury of operating under stringent laws against cyber-attacks and hacking, leaving them more vulnerable to attack. The worst legislation for cybersecurity is considered to be in Algeria, whilst the country least prepared for cyber attacks is Vietnam. If your company does business in a country that lacks sufficient regulations and monitoring, extra care is required.
The results of any security breach are wide-ranging. They include loss of trust and reputational damage amongst employees and clients. Many security breaches result in legal action, and almost all in loss of profits.
How do new technologies help mitigate these risks?
With the involvement of information technology in enterprise risk management, it is possible to achieve risk mitigation at every stage in the lifecycle.
Elimination of human error
The first line of defense in cybersecurity is always the people who use the system. 88% of data breaches can be attributed to human error. One of the major mitigation strategies offered by emerging technologies, and a central tenet of any risk assessment, is the use of automation. With fewer humans operating manual processes, it is less likely that data will be inadvertently compromised, or attacks unwittingly aided. By reducing the amount of human activity in business processes, companies diminish the potential risk of human error.
72% of data breaches relate to employees falling for phishing emails. Technology is one of the most important tools to counteract this trend. It allows employers to roll out more thorough, effective and widespread training than ever before. Entire global networks, including employees and supply chain staff, can prepare for the technological risks of phishing and the potential impact a breach may have. This applies not only to phishing but also to the careful and safe use of usernames and passwords, and to smartphone security. By using technology as a training tool, employees become the first defense against cyber-attacks.
Employee self-service is a common feature of technological upgrades. Whilst some may worry that this opens businesses up to potential attacks, the tool is useful in the fight against security risks. It encourages users to check and update their own data. In this way, errors and anomalies are spotted sooner. If a hacker is siphoning off an employee’s salary, the employee will likely notice this more quickly and end the attack with employee self-service technology.
The second line of defense against IT risk is the protection of data using technology.
The primary way in which businesses are protecting themselves and their data from cyber-attack is through the use of cloud technology. Centrally stored data is safer than data that is spread across paper files, email chains, and desktop folders.
Software companies that specialize in cloud technology have the highest levels of data security. According to Gartner in 2020, cloud infrastructure will suffer 60 percent fewer security incidents than traditional data centers. When Wonga lost 250,000 customers’ bank details in 2017, it could have prevented the breach with the use of cloud technology.
With cloud technology and integrated systems such as a payroll system, data travels through a single workflow. No more sensitive files sent over email, saved to desktops or printed at random.
Also, the system allows for a stringent authorization process. This means only the necessary staff members have high-security access to company files and documents. This system is traceable and auditable: every access can be attributed to the individual user. This not only minimizes the technology risk of data theft, but it also mitigates the damage in the event of a breach. Disaster recovery takes a few clicks with a cloud system. Compare this to the loss of files and documents spread across many platforms, databases and hardware locations.
The British supermarket chain Morrisons suffered an internal attack that caused the breach of 100,000 employees’ personal details. This was the result of too many staff members having access to sensitive data.
With an automated system, crucial risk management tasks, such as the deletion of old data and the review of distribution and access lists, are set up to run automatically at company-assigned time intervals. This reduces the chances of an attack occurring and limits the damage in the unlikely event an attack is successful. Compare a data breach in which only current employee data is compromised because the old employee data has been deleted, to a breach where thousands of employees past and present are affected.
Encryption is another crucial way in which technology supports risk management. The professional social media platform LinkedIn suffered a catastrophic data breach when it lost the personal information of 165 million users. This data was then posted for sale on the dark web. Analysis has shown that a lack of encryption was in part to blame for this massive breach.
The other cause of the breach was the weakness of user passwords, with over 70% of users choosing ‘12345’. More advanced technological systems offer two-factor authentication, password managers and reminders to users to change their passwords every two weeks. This is particularly important for companies that use social media as a business tool. The networks can present a potential weak spot in security. Password technology is essential in risk mitigation.
The third line of risk mitigation when it comes to cyber-attack is the use of anti-virus and anti-malware software. The more advanced the software, the more likely it is to prevent or limit the potential impact of an attack.
The software must be kept up to date to perform at its best in mitigating risk. In 2017, hackers were able to access the data of over 143 million Equifax customers. Unfortunately, the company had failed to update its software, leaving it vulnerable to attack.
But it’s not only in preventing an attack that technology proves to be an essential tool in ERM. In the unlikely event of a security breach, technology can assist in minimizing damage.
The reporting tools found in payroll software spot and stop fraud more quickly. This is thanks to the use of Artificial Intelligence working in real-time to conduct continuous risk monitoring.
Machine learning understands what typical usage looks like and can identify and flag anomalies. Whether it’s expense abuse, duplicate transactions or a data security breach, automated systems can identify key areas for concern and track them. This technology is not only more effective but also more cost-effective than a human taskforce combing through thousands of transactions and processes.
When attackers targeted Vision Direct, around 6,600 customers were affected. But their system lacked the tools needed to identify and stem the breach in time, meaning it lasted for five days. In a similar incident, Dixons Carphone failed to get a grip on a security breach that ended up lasting one year and grew from affecting 1.2 million customers to 10 million. Without real-time visibility from reporting technology, customers and staff were unaware of the source of the outage and scale of the breach.
For CFOs and decision-makers operating data-rich enterprises, risk mitigation through the use of new technologies should be a priority. As data breaches increased in number in 2018, it’s important to act now.
Consider Payslip’s Global Payroll Technology for a fully integrated system that standardizes the payroll process globally and helps secure your employee data. For more information, contact us today.