In a recent article in Treasury & Risk magazine, Kyriba’s VP of Strategy Bob Stark opined on the significant and wide-ranging risks that treasurers face when they do not team-up with their CISO (or CIO, CTO, IT) to ensure their financial data is safe. In the context of a persistent and increasing number of payment fraud attempts, where more than three quarters of organizations report attempted payments fraud, aligning with your internal security team’s best practices has never been more critical.
One of the ways to ensure data is safe is to update treasury security policies and to review the policies with internal IT. While many CISOs today prefer a third-party vendor to manage finance solutions in the cloud as a way to eliminate onsite liability and reduce IT workloads, they will still want to know if the solution meets or exceeds data security standards. Here’s a list of five tips from the article to help the treasury team work with the CISO and reduce organizational risk:
- Request a list of security best practices, or the company’s security policy, from your CISO. It’s an easy ask and will enable treasury staff to identify any areas where treasury security policies differ from corporate policies in significant ways.
- Acquire a list of data-security best practices and policies from the vendor of your treasury management system, and present it to your CISO. Your vendor should have this information readily available. The treasury team’s ability to adhere to policies and establish workflows that effectively protect corporate data will be useful in company compliance audits.
- Establish security KPIs with your team. Effectively monitoring access to the corporate treasury management system will impress the CISO. Request a simple report on security access from your treasury management system vendor.
- Request training on securing your treasury management solutions. As part of today’s ongoing education for treasury certifications, many webinars and conference training sessions offer tips and best practices that reinforce the importance of secure passwords and multi-factor authentication. It’s a good idea to ask your team to provide a list of the security training they’ve undergone, and to include that information in reports on the treasury function’s security practices.
- Treasury systems via VPN. New, best-in-class cloud solutions run in data centers and utilize data security services that most CISOs prefer to see. Nevertheless, there are options for enhancing security for companies that run their treasury management systems on-premises. One key security measure is ensuring that employees working from remote locations can access treasury data only via a locked-down and secure VPN.
In the event the existing solution fails the CISO’s audit, it may be time to seek a new treasury and risk management solution. An astute treasury professional will conduct several reviews before selecting and investing in a treasury and risk management solution (TRM). A typical search for a new TRM will involve:
- An audit of company KPIs
- The development of a business case to present to senior leadership for budget approval
- A review of the market for a proven, world-class solution that will fit your needs today and be able to grow with you
Among the top concerns, however, for any solution should be its ability to provide a secure environment, reduce operational risk by aligning to the CISO’s policies and standards, and eliminating payments fraud.