Chief financial officers are in a unique position to weed out cybersecurity issues within a firm, one CFO panelist said at Private Equity International’s CFOs & COOs Forum 2019 in New York on Wednesday.
“Cybersecurity is a huge deal for the SEC right now, as it should be,” the panelist said. “The CFO and the people that work under the CFO are in a unique position to see how sensitive data moves between the firm internally, limited partner investors, external regulatory bodies and third-party investors. [CFOs] have a unique view to find out where the chinks in the armor could be.”
Cybersecurity is a top concern for the SEC. The agency released its 2019 priorities in late December, with cybersecurity on the list for the third year in a row, another panelist pointed out. Phishing attempts – when someone impersonates another through email in order to steal personal information like passwords and credit card numbers – and hacking attempts have been increasing over the past few years.
Some firms emphasize the importance of performing mock cyber phishing attempts on their own teams to see whether employees are prepared.
“Executives aren’t the only ones targeted, they also target people in administrative roles,” another CFO panelist said.
Last year, the SEC started to incorporate cybersecurity in its examinations of private equity firms, pfm reported in October.
One forum delegate mentioned that their firm had to drop its previous third-party IT provider because it “didn’t know what it takes” to keep the firm’s data secure. That firm now implements several tools to enhance its data security.
“We perform annual cybersecurity audits, we have laptop encryption, identification to get into emails as well as your laptop and mobile device management, and automatic password resets,” the CFO said. “We’ve taken this very seriously in light of the SECs concerns and our concerns as well.”