By Jessica Salerno-Shumaker, OSCPA senior content manager
One expert says the key to cybersecurity is thinking about it as a process and not a project.
“I get a lot of people who say, ‘Why do we have to spend this money or these resources? We just did cyber last year.’ And it doesn't work that way,” said Damon Hacker, president and CEO of Vestige Ltd,
Hacker will present “A strategic look at cyber security,” at the Strategic Finance and Accounting Conference on April 20. While he said this can be a confusing area for companies to figure out, a strategic approach will be the most beneficial.
“The focus has got to be risk based for the organization,” Hacker said. “Every organization has a different risk pattern because of what they do, how they handle information, and what they've already got in place.”
A company with a completely remote staff would have different risks than one where everyone comes into the office, Hacker said, and they would have different priorities. Creating a risk-based framework that then helps the company determine priorities helps avoid the “shotgun approach,” he said, when organizations hear about random threats and decide to implement random cybersecurity that might not make sense.
It's also critical to create a culture of cybersecurity within the entire organization, and not assume the only people who must consider cybersecurity risks is the IT department. Everyone is potentially a target, and they should be aware of scams.
“I think a lot of organizations overlook cybersecurity and think they’re not targets because they don't have intellectual property or sensitive information on clients,” he said. “And then they get attacked, and it is a big deal.”
It’s important for accountants to understand and communicate the necessity of ongoing cybersecurity measures, Hacker said, because sharing this information with the organization decisionmakers will ensure this isn't forgotten.
“I don't want companies to just go out and find the latest and greatest of something and put it in place,” he said. “I want them to focus on the risk and prioritize it so that you they are always making advancements.”