Q&A Forum

What role should CFOs play in mitigating data breaches?

James Bryant's Profile

Answers

Topic Expert
Len Green
Title: Performance Improvement Consultant and E..
Company: Haygarth Consulting LLC
(Performance Improvement Consultant and ERP Strategist, Haygarth Consulting LLC)

James
Here are a few pointers from my perspective:

If IT reports to the CFO, play an active role. Refer to S. 1408: Data Breach Notification Act of 2011.

If the CFO is responsible for risk management, also play an active role. Loss of reputation and cost of remediation should be of particular interest.

Look at your own customer/prospect and employee data. Look at data released to 3rd parties for processing (e.g. 3rd party CRM/campaign mgmt service providers). How safe is your data in the cloud (e.g. are you using SaaS-based CRM and other software)?

Talk to your colleagues in IT, sales, marketing and HR. Most security breaches are shown to come from the inside anyway. Are your HR and IT security policies and controls good?

Regards
Len

Topic Expert
Wayne Spivak
Title: President & CFO
Company: SBAConsulting.com

In most of the organizations I know, IT reports to the CFO (with or without a CIO/CTO).

As such, and as part of a comprehensive internal audit function, the CFO should be involved in prevention, response, mitigation and recovery.

I've heard the argument many times that the staff is against this and that program which could prevent data breaches... What is the cost for prevention vs. response and recovery?

Charles Schrock
Title: SVP
Company: Inland Bank and Trust

I think that Len is on the right track. It's not so much what the CFO's responsibility would be ... it's what your responsibility would be. If no one else "owns" data security in your organization and it falls into your lap, then you need to spearhead some type of plan.

The foundation for effective handling of a breach is a data security program. It should incorporate your state's notification laws. The level of detail within that plan can vary according to your needs. But, the important point is that if/when you encounter a data security breach you really don't have the time to start thinking about how you will respond. The basic foundation of a response needs to be ready to go.

If, on the other hand, your question is more about prevention, then a risk assessment would be appropriate. Where is your data? How does it travel? Is it encrypted during both storage and data transfer? This will give you the potential weak points. From there, you can decide on whether you need to strengthen some IT areas and/or make certain data security demands on third-party providers.

Topic Expert
Regis Quirin
Title: Director of Finance
Company: Gibney Anthony & Flaherty LLP

Every position within a company is responsible for a piece of the Risk Management puzzle. But the CFO is essentially the individual that takes a macro perspective of a company. Whether it is related to ensuring every department has risk mitigation activities within their policy and procedures or working with auditors to discuss perceived deficiencies, the CFO is key to ensuring all identified risks are addressed.

Topic Expert
Len Green
Title: Performance Improvement Consultant and E..
Company: Haygarth Consulting LLC
(Performance Improvement Consultant and ERP Strategist, Haygarth Consulting LLC)

James - you may be interested in this company...see http://www.protectmydatabase.com/
Regards
Len
