Internal control plays an important role in every company, enabling it to achieve its objectives by controlling the associated risks.
An increasingly important dimension of internal control is cybersecurity. In fact, technology is constantly evolving, and companies are facing ever greater and more diversified cyber-attack risks.
According to a 2017 Statistics Canada study, 21% of Canadian companies were affected by a cybersecurity incident. For 38% of incidents, the intention was to steal money or demand a ransom, as opposed to 23% of incidents involving the theft of personal and financial information.
Clearly, the more your organization uses information technology, the more it will be a target for criminals. Take, for example, a clothing store that uses an online sales platform, as opposed to a convenience store that sells its products only on-site. The clothing store is much more exposed to information security risks. As a result, it will have to implement a greater number of internal controls relating to cybersecurity. A financial institution will also be highly targeted, given its customers’ personal banking information. What’s more, most companies use computer networks that can be hacked to steal personal and financial data.
Are you prepared to avoid a cyber attack or minimize its consequences?
- Do you have a backup copy of your data? Is it encrypted?
- Do you have a virtual private network (VPN) for employees who connect to your network remotely?
- What is your validation process when an employee forgets a password?
- Have you secured your online services platform?
By choosing to conduct its business activities using information technologies, an organization exposes itself to a number of risks, both for itself and for its customers. It is therefore responsible for securing sensitive information through internal controls. It’s also important to have someone who can take over if there’s a problem with the person responsible for passwords, access or encryption keys.
Examples of internal controls:
- Firewall;
- Lock offices and premises;
- Manage access rights by profile;
- Data encryption.
Cyber attacks can occur for a variety of reasons and through a variety of methods. It is therefore desirable for a company to be fully prepared to face these threats. To do this, you must:
1. Define the risks relevant to your business
2. Identify the information assets to be protected
3. Establish an internal control process.
In addition, it is vital that the people who create, manage and monitor controls have integrity and ethics, as they will be responsible for the effectiveness of internal control procedures. Otherwise, your organization can be exposed to major consequences: hacking, loss of reputation, data theft.
Finally, analyzing your environment is a good way to start building an internal control process tailored to your business, and there’s no good time to do it!
We’re here to help! Write to us!
Canadian Survey of Cyber Security and Cybercrime, 2017.
The following article describes the impact of the death of a CEO who was the only person who knew the password needed to access the cryptocurrency: https://www.ledevoir.com/economie/547153/des-millions-en-cryptomonnaies-inaccessibles-apres-la-mort-d-un-p-d-g.