Financial information on its own is worthless if it is not acted upon. Access to financial information has to be given to certain people without posing serious threat to its security and at a reasonable cost.
You will agree with me that financial information quickly become obsolete if not acted upon on time. Hence, managers and other stake holders need to have access remotely to financial information so that decisions can be made on time.
In this article are financial information security issues that need to be taken into consideration before giving remote access to our financial information database.
Note however that no amount of planning and implementation will give a perfect financial information security.
- Benefits (benefit analysis). A company will probably not give access to its intranet to a customer that is not worth in financial terms. There are times a company will need to allow its trusted customers access to her database of inventory. How much loss will our company suffer if that important customer could not access our information on time?
- Security of our components. For communication to take place, certain components must be present. Examples are; network devices, software, computer, etc. The question to ask before giving access to our financial information is ‘how secured are our components’. Question like; has our system been recently hacked? Could help solve this problem of knowing how secure our system is. If our system has been hacked in the recent past, then chances are that they could still easily be hacked from the end-point.
- Security of end point device. Of what benefit will it be to us if we spend millions of Naira securing our system(s) only to give access to a manager who is somewhere accessing our network or database with a laptop that is not properly secured? He/she could easily download information into a system that is not properly pass-worded. Or lost the laptop containing our confidential financial information.
- Company’s reputation. How will people see our company if we don’t give them access to real-time transaction. Bank’s customers for instance will definitely react if access is not given to them in this modern age.
- Cost (short-term and long-term). The cost of doing anything is important and this will not be an exception. Both short and long term cost needs to be put into consideration. If we set out to achieve this objective of striking a balance between; access and security, what are potential costs that may not be clear now. Estimates should be made.
- Availability of manpower. A company will obviously not get the full potential of technology acquired to meet with the characteristic of information (availability, confidentiality, reliability and accuracy) if the available manpower cannot fully utilize the asset.
- Regulatory guideline. Ignorant of the law is not an excuse. The service of legal personnel should be engaged so as not to go against the law.
- Our competitors’ action. There are times when we still need to ahead against all odd and strive to meet the characteristics on financial information need when the action of our competitors warrants it.