Reducing financial security and compliance risks

Technological advancements play an important role in evolving and improving financial reporting.

Traditional methods that involve manual paper-based processes are costly in terms of time, money and resources. Even legacy technology systems can introduce risk, so it’s important for organisations to modernise where possible and implement a strong cybersecurity posture to reduce the risk of a data breach or other compromise, according to SAP Concur.

Jonathan Beeby, Managing Director, SAP Concur ANZ, says the perceived complexity of the exercise may deter some organisations.

“Digitalising processes that were previously manual is an excellent first step for organisations looking to gain efficiencies and streamline their workloads. However, the complexity of migrating data from legacy systems to newer, automated, more secure systems can deter organisations from taking this important next step,” he said.

“However, the risks associated with continuing to use legacy systems that may not be secure can incur costs that go far beyond the cost and complexity of a migration.”

Legacy systems tend to let many users access files and add multiple data inputs, leaving little to no control of who has access along the audit trail. Different staff members inputting different information also increases the risk of multiple versions of the truth, creating an operational risk for the organisation.

The key business risk that arises from this lack of control is that errors may slip through, decisions may be based on inaccurate information and business performance can be impacted, which would diminish investor confidence.

This risk has become even more pronounced as the acceleration of remote working models has revealed security gaps that were never previously considered. Employees are either accessing cloud-based systems from unsecured home networks and devices, or they may find themselves unable to access legacy systems from remote locations, which stops them from working effectively.

Either option creates an unacceptable risk for the organisation, but it’s important to avoid implementing overly strict cybersecurity policies and tools that would hinder effective remote working.

According to Beeby, the focus should be on providing access without compromising security.

“The new remote-working environment has made cloud-based systems essential for businesses,” he said. “Cloud-based solutions give employees access to the software they need, when they need it, regardless of their physical location. However, it’s essential to ensure that these systems are properly secured so that employees can access essential systems and data without compromising security.”

Some of the key risks arising from remote working are as follows:

• Hackers can steal and misuse sensitive financial data because that data is no longer confined behind network firewalls and well-defined perimeters.
• Weak passwords and lack of multifactor authentication smooths the path for hackers to access company data.
• Workers are sending sensitive data via email, which is not necessarily secure.
   

Organisations can address these challenges in a number of ways. For example, using a virtual private network (VPN) will add a layer of protection and prevent security risks. Multifactor authentication will make it more difficult for unauthorised users to access data stored in the cloud.

Organisations should also leverage email encryption methods to share and transfer information securely. This solution must configure the email encryption solution to encrypt all attachments automatically.

“Before implementing a security strategy, it’s important for organisations to focus on protecting data both in transit and at rest. Using cloud-based, automated tools can dramatically improve efficiency and reduce errors. However, these solutions must be augmented by strong security measures that reduce financial security and compliance risks,” Beeby said.

Image credit: ©stock.adobe.com/au/denisismagilov