Cyberthreats: A Bullet Aimed at the Bottom Line

CFOs no longer believe that cyberattacks are exclusively a problem for the IT department to handle. In fact, a recent Deloitte survey shows they consider cyberattacks one of the greatest threats to a company's financial health. Meanwhile, a new Grant Thornton report on CFO involvement in security indicates that CFOs have ultimate responsibility for security at 38 percent of organizations. The same report shows that nearly half of executives think the biggest barrier to developing an enterprise-wide cybersecurity strategy is an inadequate understanding of cyber risks and their impacts.

If you're a CFO who believes the security buck stops at your desk, our guide to the 5 Critical Elements of Risk Assessment will help you develop a plan for staying on top of new threats while implementing protections that balance affordability and effectiveness.

Cyber Cons Are Getting Increasingly Clever: You Should, Too

Determined criminals are constantly inventing new ways to access your company bank account. Sometimes they try to break in. Sometimes they try to steal your passwords and account information. But some of their techniques are designed to get you to simply hand over the money — and these cyber cons are becoming even more common.

One con we recently became aware of involved a corporate controller who received what looked like email from the company's CFO forwarding a request from the CEO to process a wire transfer. In another case, a cyber con artist registered a domain name similar to that of a large manufacturer, then bribed an employee in the manufacturer's accounts receivable department. Click here for more on how to avoid cons like these.

Cybersecurity is a Top Management Issue

If the devastating and embarrassing hacks successfully perpetrated on Target, JPMorgan Chase, Home Depot, and other established brands have proved one thing, it's that top management needs to take responsibility for cybersecurity. However, a recent Ponemon study shows that most boards of directors don't understand the risks as well as they should. 

Smart C-level executives and boards of directors are starting to recognize just how much responsibility they have for protecting the safety, security, and integrity of their networks and data. They're finally aware that cyber risk is one of the most pressing threats to the business, right up there with credit risk, liquidity risk, and operational risk. But awareness isn't enough. It takes action:

1. Educating the board and C-suite about the company's cyber risk profile
2. Finding sufficiently expert advisors to provide ongoing insight and assistance
3. Conducting regular reviews of the company's cyber risk management plans and breach readiness status 

Xantrion can help you understand your organization's risk profile and improve your ability to manage the cyber risks you face. Contact us for help building an approach to cybersecurity that reaches all the way to the top.

Sorry, Windows Server 2003, We're Through

Microsoft officially stopped supporting Windows Server 2003 on July 14. That means no more patches or upgrades to fix glitches, bugs, and most importantly, security issues. That's not a great position to be in, considering that as recently as 2013, Microsoft issued 37 patches to Server 2003, an average of more than 3 patches a month.

We know breaking up is hard to do, even when you've known for a while that it has to happen. Your legacy applications may not run on newer versions of Microsoft Server, and your existing hardware may not support them. Not upgrading is not an option, though. For one thing, running an unsupported OS puts you out of PCI and HIPAA compliance. More importantly, it's now open season for hackers on Server 2003 — and if you're still running it, you're on your own. 

It's time to say goodbye to Server 2003. If you're still relying on it, or if you're trying to prioritize the changes that upgrading is going to require, let us help you make a plan to move on.