It seems like the accounting and finance industry is being hit from all sides when it comes to keeping important data secure and complying with numerous regulatory requirements.
A source once told me that when it comes to data security, banks were at the forefront of that process. However, there is no lessening of the pressure the industry faces when it comes to how it addresses its IT infrastructure while also meeting compliance challenges.
According to SafeNet, a break is not in sight. Much of the focus on improved protections for data is driven by a more informed consumer group.
So how can accounting and finance companies (or MSPs working with them) keep security threats at bay, protect customer data, reduce exposure to risk and meet compliance requirements? Well, SafeNet recommends diversifying IT systems and business processes, adding to the IT budget and having a security management plan.
In addition, some of the industry’s needs include securing business processes so that data safely reaches where it needs to go, monitoring data flow and key operations, and being able to audit the data trails, Axway said.
As for regulatory requirements, many of the laws aim to improve protections against fraud and strengthen data protection, but they also dictate how a company must report incidents.
“Bills such as Sarbanes-Oxley, and Gramm-Leach-Bliley have substantially increased financial and security-related reporting requirements, and have put pressure on IT organizations to implement effective security solutions on a rapid timetable,” SafeNet reported. “Where laws specify the consequences of failing to comply (by not instituting appropriate protections and/or not establishing adequate audit and reporting mechanisms), penalties include sizeable fines, heightened scrutiny, credit downgrading, legal prosecution and even possible imprisonment. In addition, data security laws are constantly evolving, making it essential for organizations to focus on implementing flexible, comprehensive security solutions that can ensure adaptability and compliance over the long term.”
Let’s take a look at a few of these. The most well-known is the Sarbanes-Oxley Act, passed in 2002. SafeNet said it doesn’t spell out the IT technologies the industry must have, but it does create the need for “robust access controls, data encryption, and detailed audit trails.”
Meanwhile, the Payment Card Industry Data Security Standard includes 12 requirements, such as building a secure network and encrypting cardholder data.
When it comes to making sure all of this meshes well, MSPs or other IT service providers can help companies address issues related to these security and compliance needs with five steps:
- Assess the organization – what are the strategies and how do the operations align with them, NetIQ advises.
- Plan – NetIQ said this is the most crucial part because this is where expectations and scope of the project will be set. Those include “the timeline, resources and dependencies that define the critical path to success.”
- Design – this is the phase when the processes, technical controls and people needed to implement the plan are examined.
- Implementation – the preparation and rollout of the plan.
- Manage – keeping up with the infrastructure.
To reach those objectives, a security plan needs to take into account the size and complexity of the organization. And it isn’t necessarily a bad thing for different parts of the organization to have different controls in place, as long as each is part of the overall plan and each is safeguarded.
Photo Credit: Images Money via Flickr