Managing Cybersecurity in Accounting
Introduction
a. Definition
b. Address the Controller
c. Why is this issue at the forefront?
d. Why is this relevant to this company?

III.
vi. Cyber-extortion: This is a technique where malware is used to encrypt a victim's files, and money is demanded before the hacker releases the decryption key.
vii. Data privacy: the risk of fines. This involves the risk of fines if a company or individual does not comply with the set rules. By rushing to comply with the rules, the company or individual may be exposed to threats.

IV.
Retrieved on February 8, 2018, from: https://www.netiq.com/communities/cool-solutions/netiq-views/corrective-controls-identity-access-management/
Huber N. Seven cyber threats to CAs. CA Magazine.

As the world tends toward technology, hackers have become more advanced; therefore, accountants must increase their focus on cybersecurity to protect sensitive financial information.
Managing cybersecurity as an accountant requires three kinds of control: preventive, detective and corrective controls.

Preventive controls: Do not allow unauthorized users to gain access to your sensitive financial information. This goes beyond traditional ways of protecting information, such as perimeter barriers. With new technology such as cloud computing and remote access, among others, accountants must explore this as a way of managing cybersecurity.

Detective controls: These help alert the organization when malicious, unwanted, or unauthorized activity has been detected in the organization.

III. Types of cyber threats in Accounting

i. Phishing
According to Huber (2017), phishing is a technique whereby people or institutions are tricked into giving bank account details to unauthorized people, in this case criminals. The criminals usually use emails and pose as a genuine entity to trick an unsuspecting person or company.
In most cases the criminals may ask one to verify a bank account, make a payment or re-enter information (Huber, 2017). This information may fall into the wrong hands, for instance those of criminals or hackers, and may be used to hack a system or to damage the company’s reputation.

iv. Software attacks as a service
According to Huber (2017), this is a technique used by hackers or criminals where they buy ready-made malicious software, which may include Trojan horses, viruses and worms. A virus attaches to a file or a program and usually spreads from one to another, leaving infections behind. Nevertheless, for a virus to spread there must be a human action.

According to Huber (2017), in identity fraud, one has to pose as the original holder, and the intention must be to use that person's identity for financial gain.
The hacker or criminal can find one's identity through a lost identity card, hacking, or social networks, among others.

vi. Cyber-extortion
The most common type of cyber-extortion is ransomware. This is a technique where malware is used to encrypt a victim's files, and money is demanded before the hacker releases the decryption key.

According to McCafferty (2017), to prevent cyber threats the company needs to ensure that patches and updates are being applied. Since the accounting and IT departments cannot provide patches and updates to technology and devices that are not owned by the company, such as laptops and phones, there is a need for a security scanning system that will assist in identifying rogue devices that may be connected to the network.
In addition, the IT auditors and accountants should repeatedly conduct an inventory assessment. Furthermore, the accounting department should make sure that the IT department does not run old software that is no longer supported by its issuer, since that means vulnerabilities and flaws are no longer being fixed (McCafferty, 2017). Another preventive control is testing the data and the backup system (McCafferty, 2017). The employee will be able to identify the vulnerabilities that were previously used by hackers, for instance in the WannaCry attack. WannaCry was a 2007 worldwide cyber-attack by the WannaCry ransomware cryptoworm, and it targeted the Microsoft Windows operating system. In addition, the employee will be in a position to identify the software that is being used in the company and the software that is not patched or supported.
The accounting manager should make sure that unauthorized users do not gain access to sensitive financial information. This can be facilitated through access codes, lock and key, and passwords on accounting systems and computers (McCafferty, 2017).

System logging and monitoring is another form of cyber threat detection that can be used in the accounting department. The technique involves using tools that record logins as well as access to some applications (Romney et al., 2012). The main aim of the tools is to monitor and preserve a record of what authorized users do on the system. Such a tool is capable of alerting the system administrator when there is any violation of policies, for instance those on company email, or unauthorized access to protected areas that are categorized as privileged, such as sensitive financial information.
Another form of detective control is the use of an intrusion detection system.

One of the corrective controls that the accounting department should have is patch management. The department should have the code that is released by the software developer in order to fix the vulnerabilities that have already been discovered (Romney et al., 2012). Furthermore, the latest updates should be installed for antivirus software, application systems, firewalls and operating systems. In addition, the accounting department should be able to restore the data from the backup system. Process automation is another technique that can be used as a corrective control for cyber threats (Greene, 2015). In addition, the company should invest in exploit kits that are more personal than off-the-shelf ones and that rely not solely on technical flaws but also on social engineering.
This will require the company to invest more in manpower and the initial cost of engineering, but it will assist in information security. The company should build employee awareness as well as adopt advanced email solutions. This will not cost the company anything, but it will benefit the company's information security. In case of a possible attack from a mobile device, I would recommend that the company invest in data-driven tools that can reveal the behaviors of the apps in the surrounding environment.

Conclusion
Accountants hold some of the company's most sensitive information. This means that they should be one of the branches of cybersecurity management within the company, since they hold sensitive financial information. For the financial information to be secure, the accountants need to put measures in place to secure the information and data.