Did you know that there were hundreds of cyberattacks reported by local government organizations in 2019 and 2020 alone? Local governments often fall victim to cyberattacks because they hold contractual, billing, and financial information of the governments themselves, and this information is valuable to cybercriminals because they can sell the data or hold it for ransom. The risks are amplified in a remote work environment, where there may not be quick access to IT security professionals and more employees are falling for phishing attempts, installing malware unintentionally, and potentially putting their critical financial data at risk. This can lead to proprietary information getting leaked in data breaches, unauthorized access to your database, and other disruptive data security threats to your organizational and financial data. Accounting and finance professionals rely on highly sensitive information and documentation to make timely and well-informed decisions. Thus, organizations must ensure their systems remain secure, fully functioning, and accessible to the employees who need this information to do their jobs efficiently.
Read ahead to learn how cloud-based technology and proper information security measures can protect your finance team from cyber disaster.
Why Protect Your Data
Cyber crimes are not a new concept, but the Covid-19 pandemic enabled an increase in the frequency of these crimes, which are up 600% since 2020 according to a cyber security report by PurpleSec. This rise can be attributed to lack of protocols, employees unaware of the cyber risks, and vulnerable data and personal information. Indeed, Varonis reports that on average, only 5% of companies’ folders are properly protected. Remote working has particularly created information security headaches for many small and medium-sized organizations that didn’t necessarily have plans or protocols for transitioning to a virtual work environment. Further, it is estimated that 47% of individuals fall for a phishing scam while working at home. The cost of cyberattacks is enormous, and it increases every year. In the United States, two well-publicized cases of local government breaches—Atlanta, Georgia, in 2018, and Baltimore, Maryland, in 2019—cost those cities $15 million and $18 million, respectively.
But long before the pandemic began, organizations that had financial programs and databases installed locally on individual computers, hard drives, disk drives, or USBs were exposing their critical financial debt and lease data to cyber risks. Even office equipment like digital photocopiers contains hard drives that store information from documents that have been scanned or copied and can be a potential target for data theft, especially if the machinery is resold after it’s been used. (This is what happened to one government agency in New Jersey in 2011.) This type of data storage is vulnerable to malware and threats from individuals who want to corrupt, steal, or lock down your database.
How To Protect Your Data
Organizations with highly classified and sensitive data should prioritize information security, particularly those in government, higher education, and healthcare. Below are some key areas and next steps your organization can take to create a security action plan.
- Leverage new technology and tools. Organizations should look to transition any data management completed on local computers to a cloud-based platform with modern security measures in place.
- Encrypt data. Your devices and protected information should be encrypted, including data files, emails, and other communications.
- Manage risk. Businesses can apply governance, risk, and compliance (GRC) solutions for improved risk management and use cyber threat intelligence to identify relevant indicators of attacks and address known attacks.
- Prepare for attacks. Select a backup and recovery solution that fits your needs and allows for instant recovery. Map out and test your response strategy to include isolating the infected device/area, validating backups, and activating the response plan.
- Implement a ‘zero trust’ approach. Organizations should consider implementing a ‘zero trust’ approach to cybersecurity. This is a security model where only authenticated and authorized users and devices are permitted access to applications and data. It challenges the concept of “access granted by default”.
Cloud-Based Data Protection
State government IT departments rely on cloud-based models to achieve the agility, cost savings, innovation, and scalability their organizations need. The cloud is basically a “model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources—networks, servers, storage, applications, and services—that can be rapidly provisioned and released with minimal management effort or service provider interaction,” according to the National Institute of Standards and Technology (NIST). Cloud technology is the foundation for many government organizations’ efforts to modernize their technology infrastructure and provide citizens with rapid and efficient delivery of services. For instance, agency leaders in the Commonwealth of Virginia are developing plans to identify locally hosted IT systems that can be migrated to public clouds over the next few years.
It’s natural to wonder if your data is safe when it’s stored in the cloud infrastructure. Here’s some reassurance though. According to Norton, “Information stored in the cloud is likely to be more secure than files, images, and videos stored on your own devices. Why? Cloud companies often rely on far more robust cybersecurity measures to protect your sensitive data.” The security measures undertaken by larger companies providing cloud services are typically more thorough and powerful than what you have protecting your home computer and devices.
Cloud-based financial platforms also reduce the use of insecure spreadsheets and manual data entry for debt and lease management, which are notoriously prone to error. Responsibility for these types of files is in the hands of individual users and likely spread across multiple computers, storage locations, and servers. Spreadsheets are frequently printed out, photocopied, emailed to others, accessed through shared folders, and generally not safeguarded. Your organization should focus on implementing adequate controls over data security and disaster recovery that spreadsheets do not provide. Software provides password-protected system access that protects sensitive data, and databases allow data access by multiple users at a time and offer different levels of secure access depending on user roles and needs.
DebtBook: A Secure Debt & Lease Management Solution
The DebtBook platform utilizes security best practices such as enforced password complexity, two-factor authentication (2FA), and permissions/role-based user controls. All DebtBook servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network. In addition, DebtBook has been granted SOC compliance, establishing formal controls to protect client data and ensure the integrity of all outputs that may be used for financial reporting.
But don’t just take our word for it. Hear from one of DebtBook’s first clients, the City of Durham, North Carolina, which found DebtBook in the wake of a malware incident. The City of Durham was hit by a cyberattack, and because the debt management system the city had been using was installed locally on individual computers and hard drives, it too was impacted by the incident.
“We were pressed for time to get something up and running and correct, and our current software provider didn't have the level of urgency we needed, so we need to look elsewhere,” said Emily Desiderio, Treasury Manager, City of Durham, NC.
Desiderio reached out to DebtBook, and not long after that, we had her and her team back up and running — this time, in the safety and convenience of the cloud.
DebtBook’s secure, cloud-based platform ensures you and your team have access to your most critical accounting and financial data and can have peace of mind knowing your system will be easily accessible 24/7. With permission-based access to our database for internal and external team members, everybody has the pertinent information they need to do their job accurately and efficiently.