Today's treasury infrastructure is changing and, with it, the associated risks of data loss or fraud have multiplied. Within the security community, it is often said that it is not a matter of ‘if’ but ‘when’ you are going to be affected by a security breach. Treasurers need to ensure that controls are in place to protect the corporate assets and, as such, should take a lead role in protecting the company from cyber threats. Securing your company is not a one-time exercise; it is a journey that needs to be reviewed regularly and adapted to new threats.
You can’t do it alone
It is unlikely that treasurers have the expertise to protect the company on their own. Therefore, it is best to create a cross-business team with technology, information security and internal audit to jointly protect the firm. Working together and utilising collective expertise, the team can audit risky processes, run security penetration tests, and then jointly assess the levels of risk to the organisation before determining an action plan.
In addition, this is not something that only the leadership team needs to be aware of. To best prepare the organisation, the employees need to be aware of the latest fraud attack vectors and techniques, and receive proper training on how to successfully identify, prevent and respond to attacks. This training must be provided regularly, so as to keep pace with the constant evolution of the cybercrime landscape. It is a good idea to test the effectiveness of the training through internal mock phishing exercises to ensure the employees follow the proper policies and procedures.
Protecting the treasury infrastructure
There can be numerous entry points into a company’s infrastructure. For some, all it takes is an employee plugging in a USB stick they found on their way to work, or an unintentional click on a website (even legitimate ones) to open the infrastructure up to risk. It’s a good idea to review these potential entry points with your technology team to understand what controls you have in place. The following topics provide a good starting point for these discussions: