Data security: A 12-point checklist for Finance

With all the hacks, breaches and other tech threats you face today, data security is a pressing, persistent aspect of your job.

In fact, 70% of companies say cybersecurity risks are a top concern now, reports security provider TROY Group. And it’s especially vital for Finance, since data security issues can lead to big informational and financial losses.

If sensitive data is compromised, your company could face high recovery costs, plummets in productivity, damaged business relationships or even legal issues.

That’s why finance teams, led by proactive CFOs, are stepping up. They’re rethinking policies, boosting internal controls and investing in new technology.

It’s not easy …

Of course, companies have the best intentions when it comes to tackling data security. But with so many potential risks, it can be hard to create an all-encompassing approach.

Finance may do a great job securing its vendor portal … but accidentally leave some employee data exposed. Or, it may upgrade to new technology … but forget to purge old systems.

Little things can get overlooked. Tiny vulnerabilities creep in.

A general assessment

To ensure nothing’s overlooked at your company, use this data security checklist from Doc-it to see, generally, where you stand. Items you leave unchecked represent potential risk areas worth addressing ASAP:

1. We have policies for where and how data must be stored.
2. Access to employee, vendor or other sensitive data is gated (i.e., password protected).
3. Our systems back up data regularly (e.g., on a daily basis).
4. We have an up-to-date disaster recovery plan.
5. Data is scrubbed from retired technology (e.g., computers, smartphones).
6. Our company sets (and enforces) retention period policies for files.
7. Employees promptly destroy all files past their retention period.
8. We don’t exchange sensitive files via email, or we encrypt emails.
9. Our company set standards for email archiving, retrieval and retention.
10. Employees don’t transport files via CDs, DVDs or USB flash drives.
11. We secure and consistently use any active online repository or portal for employees/vendors.
12. Employees don’t use public Wi-Fi to connect to company networks.

Addressing the specifics

As mentioned, the list above is not exhaustive. Essentially, it’s a starting point to evaluate your position and get your team thinking.

You can go a step further by having each finance function develop its own list of security risks. For example, A/P may address vendor TINs and banking details. Payroll may think more about employee SSNs and pay records.

With this input, you can ensure each finance function’s data security risks get just as much attention as general business security concerns.