Convincing your CFO of the need for an automated T&E process
The threat and impact of cyber-attacks keep increasing. In January 2018, for example, UK businesses were victimized 7,073,069 times. On January 3, 2018, the US Department of Homeland Security informed 247,167 of its employees that their data had been breached. And because authorities are increasingly moving to address cyber risk and cyber security, security and risk management, as well as policy setting and enforcement, have become paramount objectives for CIOs and CFOs.
Best practices from companies world-wide, such as Google, Deloitte and Salesforce, for strengthening regulatory and supervisory practices when dealing with cyber risk, include:
Other ways to develop sound cybersecurity policies and best practices to cover all your bases include:
Ensure that centralized policy making in IT adopts a 'push' methodology, so that new security updates are forced onto a user's device as soon as it connects to the network.
Conduct a thorough security audit of your IT assets and practices. This audit should review the security practices and policies of your central IT systems, as well as those of your end-user departments and at the 'edges' of your enterprise.
As part of your end-to-end IT audit, include social engineering tests, which check whether your employees can be talked into handing over confidential information.
Get policies in place that require regular security audit reports from vendors you are considering before signing any contracts. Thereafter, your vendors, as part of their SLAs, should be expected to deliver security audit reports on an annual basis.
Provide every new employee with cybersecurity education, and have them sign off that they have read and understood the training. In addition, give all employees company-wide an annual refresher course in cybersecurity practices.
This is a security exposure point for your organization and for IT, and it requires training of non-IT personnel in IT security policies and practices, as well as oversight by IT and auditors.
Put a cybersecurity policy in place that requires data backups and disaster recovery to be fully tested at least annually, to ensure that everything is working properly.
Physical security, like a locked 'cage' for a server in a plant that is accessible only to personnel with security clearance, is vital. Your security policies and practices should address the physical as well as the visual aspects of information.
Especially when your company operates within a highly regulated industry, regulatory compliance requirements that concern IT security should be closely adhered to. Review security compliance requirements annually and update your security policies and practices as needed.
It is one thing to tighten up your cyber security by implementing the most effective technologies, but those technologies are only as effective as the companies and people who operate them. This is why it is so important for CIOs, CSOs and others with security responsibilities to explain cybersecurity technologies, policies and practices in plain language, in a way that the CEO, the board and other non-technical stakeholders, including Legal, Human Resources, Finance, Policy & Compliance and Training & Awareness, can understand.
Another 'beast' we are currently facing is compliance with the European Union's General Data Protection Regulation (GDPR), the complex set of new rules and restrictions around processing EU citizens' data that came into effect on May 25, 2018. In short, GDPR means that businesses need to be much clearer about the information they hold on people and give them more control over it. And even if a company has no direct EU operations, it may still need to comply. For example, even though Facebook is a US company, the rules affect how it operates in other countries, because its users are connected globally.
Of course you can look at GDPR as a big pain in the behind, but as a CFO or CIO you could also view things from a different perspective. GDPR is, in a sense, a way of thinking about your customers and employees; a way of thinking about your business that is permanent and long term. Complying with the new rules is simply good for your business. There may be some short-term pain involved, but if it creates trust and better experiences, GDPR will lead to more long-term loyalty and, over time, better shareholder value.
Now you may wonder what GDPR actually means for your finance department in particular. Dealing with some of the most sensitive information your organization is likely to handle is a huge responsibility. If the department suffers a breach, there may well be enough information for a criminal to take over customers' accounts, steal funds and potentially commit identity fraud. Finance departments should therefore be particularly vigilant in their approach to compliance.
And because complying with GDPR is a company-wide responsibility, the finance department shouldn't be left to protect itself independently. In fact, no area of the business should operate based on a siloed approach. So if you or your organization is not fully aware of the responsibilities, it is time to change that. For finance departments in particular, the following specific responsibilities have come into play:
Your organization must keep a well-managed archive of invoices at all times.
Organizations must provide customers or suppliers with records of their personal data on request. This must be provided quickly and presented in a format that the customer can read and reuse.
Organizations are required to keep internal records of data processing, and record management systems must be able to extract raw data and provide a full audit history of the records kept.
On request, organizations must remove data held on a customer or supplier who withdraws consent for it to be kept.
Complying with GDPR helps ensure that finance and accounting departments adhere to stringent data protection standards, and it may completely alter the way in which the finance department operates within an organization.
Security risks should be managed with automated systems and processes, to eliminate one of the most significant security risks out there – human error.
At Rydoo we understand the importance of, and the need for, an automated, bullet-proof and secure software system to help your finance department safeguard your data. We know and understand the risks and challenges you are facing, and are, literally, your partner-in-crime. As an EU-based company we are, of course, also bound by GDPR. So to stay ahead of the game, our Data Protection Officer consults regularly with different law firms to ensure our compliance and keeps a close eye on all the data we process. We also take other aspects into account when it comes to securing (y)our data, such as physical security, system security, access management and data storage. We promise that when you trust us with your travel and expense management, we will make things a whole lot easier and safer, not only for your finance department, but for your entire organization when it comes to data and cybersecurity. We are ready for it! Are you?