First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

3 Cybersecurity Tips for Finance Chiefs

The cybersecurity landscape has become considerably more complex over the last decade. Between the rapid adoption of remote work and the proliferation of new tech tools, finance chiefs and their IT counterparts are grappling with an ever-changing set of potential vulnerabilities.

Hackers, whether working on their own or as part of wider criminal rings, have stepped up their attacks in an era of “deepfakes” and artificial intelligence-generated content. In just one example, in early 2024, an employee at a Hong Kong-based multinational was tricked by a deepfake video of the company’s CFO into transferring over $25 million to multiple external bank accounts.

Daniel Tobok, CEO of Miami-based cybersecurity firm Cypfer, noted that cyberattacks have been around for the better part of the last two decades. What’s changed, he said, is that hackers are finding ways to monetize their efforts and extract funds from victims.

“You can be in different places around the world, and as long as you have a strong connection and a laptop, you can get online and cause damage,” Tobok said in a Tuesday interview.

There’s been at least one legislative effort to stop deepfakes from wreaking financial havoc. In June, a bipartisan pair of senators introduced the Preventing Deep Fake Scams Act, which, if passed into law, would create a task force that would study “issues related to artificial intelligence in the financial services sector.”

The law, evidently, is still catching up to technology. In the meantime, Tobok offered a few tips for finance chiefs to stay ahead of cyber threats.

1. Finance Leaders Need to be Involved in Their Companies’ Cybersecurity Efforts

When Tobok’s team is called in to help a client after a breach, they’ll typically ask him what they can do to ensure it doesn’t happen again. Tobok often replies with a question of his own: Who’s on your cyber committee?

If they don’t mention a senior-level finance employee, Tobok said, “that’s your first problem.”

As he sees it, finance leaders’ input and company knowledge are critical in cyber defense initiatives. Tobok estimates his firm investigates upwards of 2,500 cyber incidents a year, and about a quarter of them involve wire fraud. An organization’s finance department, he said, is often the chief target for hackers.

“Cybersecurity is not an IT problem,” Tobok said. “It’s an operational, legal and financial issue for any organization.”

2. “Data Hygiene” is Paramount in Any Automated Workflow

As companies race to find ways to incorporate new forms of artificial intelligence into their workflows, they’ll need to be even more conscientious about protecting their data, Tobok said.

AI tools rely on piles of data, and if the datasets become compromised or corrupted, it can have compounding consequences. Tobok noted that attacks involving “data poisoning” — compromising a company’s own internal data — have been starting to increase. “Threat actors are going to the source,” he said.

To fend off potential attacks on data, Tobok urged scrupulous documentation of who is uploading, saving or using company data. Limiting the number of administrators who deal directly with data can be helpful, too, he said. “You’ve got to have a systemic way of ensuring nobody [outside your organization] has access to your data,” Tobok said.

3. Remote Work Has Its Own Vulnerabilities, but There Are Workarounds

Your corner coffee shop might be a favored out-of-office spot for you or your employees to work, but Tobok noted that public Wi-Fi networks have their own vulnerabilities. He advised using a VPN if using public Wi-Fi. A firewall doesn’t hurt, either.

In fully remote or any work-from-home scenarios, company leaders need to ensure their employees' laptops and home internet connections are protected. In some cases, “your security is only as good as someone’s home router,” Tobok said.

 

This article was written by Dan Niepow from CFO.com and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Insights

Subscribe