Cybersecurity is traditionally the CISO’s responsibility, or so conventional business wisdom goes.
However, modern businesses are fully digital, and security is as much a product feature as any functionality. Security is now every employee’s responsibility, including the CFO’s.
While CFOs might lack the technical know-how to execute cybersecurity programs, they oversee several critical business assets. Their email inboxes, specifically, are highly valuable, given the wealth of information and business secrets they possess.
Email security remains highly critical for modern companies, due to advances in malware. Here are four reasons modern CFOs must prioritize email security at all times.
Insures against financial loss
CFO emails contain highly sensitive information. Even if a company prioritizes messaging on IM tools like Slack, email remains a valuable source of information for malicious attackers. For starters, emails are a popular way of entering a company’s network and can be used to pry sensitive information from a victim.
Recent cybersecurity attacks, such as the one experienced by Uber, used social engineering after an attacker found their way into an employee’s inbox. The attacker posed as a trusted source, bombarding the victim with repeated OTP credentials, leading to fatigue. The employee divulged their password to the attacker in a bid to stop the repeated pings.
Capital One suffered a similar breach, leading to a $190 million settlement with victims. This amount doesn’t include the brand damage and non-quantifiable losses Capital One suffered.
Imagining CFOs succumbing to social engineering attacks like these isn’t far-fetched. An attacker could pose as the company’s CEO and request sensitive information. If CFOs aren’t careful, they might cause irreparable financial loss. Following basic email security norms like MFA authentication and repeated password changes will ensure companies don’t suffer data leaks that cause massive monetary losses.
Increases revenues
While email security isn’t directly tied to bottom-line profits, the security stance a firm adopts plays a role in customer perception. A company that makes highly secure products and follows the strictest security standards will naturally draw a loyal following given modern consumer preferences for data security and privacy.
CFO email inboxes are a great starting point to enforce these principles. Basic security awareness training, simulation attacks, and regular security audits will drive the need for security from the top. CFOs can set an example to the rest of the company by preaching security despite the non-technical role.
Also, CFOs who secure their email inboxes will be in a stronger position to tout their product’s security features, something no company executive who has suffered a data breach can do. The result is more confidence in the executive board’s ability to steer the company ship and greater profits from loyal consumers.
Preserves board trust
Trust is all-important when running a modern corporation. Whether a company is VC-funded or public, company boards are highly demanding. Often, CFOs are in the firing line and have to answer complex questions like where a company will land by the end of the year and justify new project investment.
In short: CFOs must preserve board trust to excel at their jobs. A CFO who doesn’t have the board’s backing is on a short leash and will face repeated questioning, curtailing their ability to execute their goals. In the middle of all this, email security seems like a small point, but it plays a role in preserving a CFO’s reputation.
For instance, a CFO on a short leash who suffers a data breach due to falling for an impersonation attack is unlikely to be well received by their peers. The nature of information and communication standards CFOs practice in their email communication is critical.
Security is a great way for CFOs to do the basics right and build a culture of trust within their companies.
Boosts investor relations
A company’s valuation (or stock price for public enterprises) is a critical metric that investors use to judge the executive team’s performance. CFOs are judged on their ability to run a tight ship financially while ensuring the company meets its financial goals.
Much like a board’s confidence in the CFO, investor confidence is just as critical. A CFO who causes a data breach due to ignoring basic email security measures is unlikely to engender feelings of trust with investors. As with everything else in cybersecurity, good training is critical.
CFOs must spend time on a simulation platform that gives them exposure to real-world threats in their inboxes. These platforms will help them spot fraudulent emails that use social engineering and impersonation to trick victims. Most simulation platforms tailor learning paths to individual strengths, giving CFOs a custom experience even if they lack technical skills.
A significant responsibility
Security is now every company employee’s responsibility, irrespective of how technical their role is. CFOs are a critical cog in a company’s machinery, and their inboxes are vulnerable to attack. A CFO who prioritizes security will work in line with modern security trends and boost confidence in their abilities in investor and board eyes.