Ex-IMF security adviser warns accountants on 'people issue'
Accountants and small business owners need to pre-empt insider threats in the wake of the WannaCry global cyber attack, warns a former US intelligence security adviser to the International Monetary Fund.
With companies bracing for an increase in external threats such as malware and phishing, Forcepoint’s CTO, data protection and insider threat, Brandon Swafford, pointed out that internal threats from employees, either malicious or negligent, are often overlooked.
Pointing to the level of data handled by accountants, Mr Swafford advised practitioners to adopt a culture of security to ensure accidental disclosures or malicious fraud from within the firm can be easily identified and stamped out.
“It’s oddly enough the people who don’t think they are doing anything wrong, the people who are just trying to get their job done, like maybe bypassing a control or emailing it through their Gmail account just so it’s easier in their minds. The data is still being disclosed so it’s still a problem,” he said.
“From an accounting perspective, there are a lot of issues you can address and talk about that aren’t really malicious in nature but more about just people not really following the rules or not even knowing what the rules are.”
Mr Swafford said despite the increasingly exotic nature of external malware threats, it is often internal threats that are more potent due to the complexity in tracking and guarding against human behaviour or intent.
He said businesses can improve their internal security by diligently understanding their workflow and data residency, creating a culture of security, and ensuring lessons from other case studies are applied to their practice.
“A lot of small businesses are organic and just want to grow and get their work done. So part of it is taking a step back and mapping up the workflows, mapping out their data residency, mapping out whether they have any security controls in place, and what makes sense and maybe they can do it themselves or work with consultants to do it for them.”