Dear CFO, How Secure Is Your Data?

‘With great power comes great responsibility’ - Uncle Ben, Spider-Man

Data isn’t only power, it’s also security. Clearly there is every reason to take the security of compliance data seriously. The biggest risk comes from doing nothing.

Compliance data is the lifeblood of your organization and is the prime target of market insiders. Your many reports and unpublished financial data exchanged with the regulator may be directly exposed to cybercriminals if handled in an unsecured manner. Studies show that the security of this financial information stands on thin ice. But how is that even possible, you may ask? Below we take a closer look at how secure your XBRL data really is and why it matters.

1. Uncover the most pressing hidden risk: Outsourced Conversion Service through Email

Typically, companies send their financial reports to their outsourced XBRL/HTML providers by email. Email is the most insecure way to send financial reports, especially if they contain highly sensitive unpublished data. Emails are prone to virus attacks and other cyber security risks. Apart from this, people can also be a point of data misuse. The documents that you send to a financial printer are handled by multiple members of the financial printer's team. Data leakage by any member of that team can have unimaginable impacts and consequences for the financial printer.

How to overcome this?

  • Secure File Transfer Protocol (SFTP): SFTP is the best solution for moving financial reports from one system to another. As part of its IT security systems, your financial printer or disclosure management provider should have an SFTP system in place. The SFTP system is a secured channel through which filers can share their financial reports. The data is encrypted, which ensures an even higher level of security.
  • Employee Background Checks and Stringent Disciplinary Policies: It is imperative that the financial printer has a sound screening process for its employees, including background verification and criminal checks, and that its employment agreements contain clauses stating that all data the employee deals with is highly confidential and that the confidentiality clauses must not be breached for any reason. In the event of such a breach, there should also be severe disciplinary consequences.

2. Thwart hidden attacks on in-house solutions

The early years of this decade have seen a trend toward handling SEC compliance through SaaS offerings. Below are the key aspects that you need to keep your eyes and ears open to:

  • Data Hosting: It is of utmost importance to know where your SaaS provider hosts the data, since the financial data is in the cloud. Any issue with data center availability would leave the SaaS platform unavailable for access and use. Popular hosting providers such as Microsoft Azure and Amazon Web Services offer a range of hosting options, like Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), based on requirements, along with high availability of their data centers. It is advisable to check whether your SaaS provider is using a well-reputed hosting option.
  • Security Audit Completion: There are several security audits for software and service providers, of which SSAE 18 is the most stringent. The SSAE 18 security audit is based on standards defined by the American Institute of Certified Public Accountants (AICPA) and focuses on internal control over financial reporting. Tying up with a service provider that has completed the SSAE 18 audit is a big plus.
  • SSL Certification and Data Encryption Level: It is well known that data is core to financial reporting, and it is important to make sure that it is secured by encryption so as to prevent misuse. Hardly a day goes by without news of security attacks on banks, email solution providers or other areas where sensitive data is present. Cloud hacking is no exception. Having SSL certification in place for the SaaS solution adds another layer of security to the SaaS product.

If the financial information of a company is accessible to outsiders, it is imperative to have checks in place to reverse this. It is very important for organizations to understand how their unpublished quarterly/annual report information is being handled. This starts right from how the documents are sent for XBRL/iXBRL conversion or the manner in which support staff have access to such classified information.

How can we help?
Our company, IRIS, has over 14 years of experience in compliance reporting and has developed SaaS solutions across various business lines.

We specialize in XBRL/iXBRL reporting and have developed a cloud-based SaaS offering, IRIS CARBON®, that helps companies and partners meet regulatory reporting requirements. Currently, IRIS CARBON® helps filers meet the XBRL/iXBRL reporting requirements in the US (SEC), South Africa (CIPC), Europe (ESMA ESEF), UK (HMRC), Ireland (Revenues) and Italy (Infocamere).

We hope this article has given you insights into what aspects you need to look for in terms of data security. If you have any queries about data security or SaaS offerings, feel free to email me at anu@iriscarbon.com.