Finance and Accounting Professionals and Cybersecurity Awareness

• Published date: 01 January 2018
• DOI: http://doi.org/10.1002/jcaf.22291
• Author: John A. Pendley
• Date: 01 January 2018

53

© 2018 Wiley Periodicals, Inc.

Published online in Wiley Online Library (wileyonlinelibrary.com).

DOI 10.1002/jcaf.22291

f

e

a

t

u

r

e

a

r

t

i

c

l

e

Finance and Accounting Professionals

and Cybersecurity Awareness

John A. Pendley

INTRODUCTION

Good cyberse-

curity practices

are just common

sense. If you’re

walking on the

street in a bad

area, you know to

be smart—don’t

flash your watch,

and protect your

wallet. Do the

same thing with

your company’s

information.

Don’t leave key

data unprotected.

Educate yourself

and everyone who

works with you.

If everyone knows

that security is

part of them,

they won’t click

on the phish-

ing link—they

won’t let the bad guy

in. (Thomas Pageler,

information security

executive, in an address

at the AICPA CFO

Conference, Denver,

CO, May 2015)

The popular and business

press devote considerable atten-

tion to cybersecurity stories.

The big data breaches and mal-

ware outbreaks are covered in

detail by the big news networks

and influential newspapers. We

are told by the major

news outlets that

cyber criminals are

lurking everywhere

in “cyberspace,” and

that their cunning is

overwhelming and

unstoppable. The

smallest gap can be

exploited, putting

at risk major pools

of assets and the

identities of anyone

who uses an Internet

browser. And the

worst of it all is that

the average citizen

is powerless to do

much about it.

This is not the

type of awareness

that is cultivated in

this article. Rather,

the article covers

active ways that

financial profession-

als can make practi-

cal improvements in informa-

tion security. Certainly, the

points covered below would

not stop a major breach, and

this advice is certainly inap-

propriate and insufficient

for highly sensitive national

In this article, the author shows how financial

professionals can become involved in creating

more secure information technology (IT) envi-

ronments. It is certainly beneficial to know the

facts surrounding large security breaches and to

have a basic understanding of the consequences

of security problems. But accountants should

move beyond that level of factual knowledge and

engage in proactive thinking about security issues

in their organizations and, ultimately, translate

this thinking into actions that can help thwart

cyber criminals. The ideas presented in this article

can be implemented by anyone in a managerial

or administrative role and include fundamental

behaviors, organizational policies, and software

tools that can help identify and prevent common

threats from illegal cyber activity. While the article

concentrates on basic security solutions, guidance

is also presented on additional steps to take when

the organization is ready to move to higher levels

of sophistication and maturity in cybersecurity

awareness. © 2018 Wiley Periodicals, Inc.

Editorial Review