No rain on my parade! Securing cloud tools for higher-quality reporting
The global impact of Covid-19 has touched all aspects of doing business. Across different regions and industries, we are seeing varying reactions and resilience, and it is crucial to be able to report back to investors on these changes. The virus does not discriminate, and yet it has been very unfair on certain companies. Where some have thrived, you wonder whether others will continue to exist at all beyond the next quarterly report.
Arguably it makes sense to retire the term ‘new normal’ and proceed with permanent change in investment reporting and the surrounding communications. Key speakers at the IR Magazine Global IR Forum 2020 emphasized the need to organize data for forward-looking analysis. Quarterly and ESG reports are helpful to answer certain questions, but are fundamentally ‘past’ data.
To attract investors and capital from now on, it would be more useful to look forward to show on a 12-month rolling basis what cash amounts are needed at a given time, and whether or not the company has that cash. It can be assumed that the top-line figures will be down. Seek to answer the question: with the right investment, where will we be through to at least 2022?
With restricted contact and movement, collecting the data to answer the important questions will be no easy feat. More than ever, an increased dependence on cloud and online collaboration is shaping modern communication. A key example for investment reporting is that periodic audits and initial visits to off-site and international locations are now beginning to rely on videoconferencing.
As we rely more and more on technology platforms, we expose ourselves to vulnerabilities: both those that are well known and developing cyber-threats that may specifically target your tools, your company or your users.
As discussed in a recent webinar hosted by TranscriptionWing (Be prepared: How evolving data security protocols impact your role), data security is now a business issue, not just a technology issue. Data breach is regarded by many security experts as an inevitability; the secure transcription service provider also emphasizes that the greater risk to your business partner and investor relationships is therefore found in a company’s security strategy and preparedness for response.
Taking this into account, it is now essential to have a thorough understanding of the cloud tools your company relies on and how they work. What is it that makes the company money? The sharing of information and the exchange of data are, more likely than not, key to the business, at least to operations. Even where business-critical tools are internal or proprietary, most businesses rely on external vendors such as email platform providers. What happens if a C-suite executive’s email account is compromised?
Security company KnowBe4 issued a recent report assessing that there has been a 600 percent rise in phishing email attacks worldwide, with Google blocking around 18 mn phishing emails related to Covid-19 per day. And this is data from just the first quarter of this year. The security risks lie not necessarily in the tools and methods themselves, but rather in not knowing or not having a thorough understanding of where and how your information is shared.
This is particularly true of free online services. Even notable providers have struggled to maintain adequate levels of security while scaling to the incredible increase in demand among the new study and work-from-home environments. If you haven’t done so already, now is the time to solidify your understanding of tools – and the cloud in particular – to make full use of the security configurations available to you to enhance the quality of your data and, in turn, your reporting.
What is the cloud? It is essentially using a technical infrastructure located somewhere else in order to manage your data. It is a shared pool of computing resources known as hardware and software being offered with full scalability to different types of consumers, from the general public to global businesses. The end result is a service provided in a utility model, very much comparable with traditional utilities like gas and electricity: you pay for what you use. Such a utility model is offered in what can be identified as different service tiers:
There are, of course, pros and cons to be considered with each tier of service. You may discover that it is unacceptable to you or your clients to share networks and servers with other unknown entities. Aligning to a forced maintenance schedule may also be problematic, particularly as in many cases software updates are initially fraught with bugs or issues that are subsequently fixed and updated later on – where you as the user are a test study. The advantages of a wider reach of managed control over your third-party cloud environment are clear.
Differences in the type of service are only one item in a list of top cloud vulnerabilities. The one deserving of the most consideration for end-users and company IT teams alike is misconfiguration. Something as simple as not enabling encryption can result in a breach of data privacy laws. Configurations for access control such as multi-factor authentication, single sign-on and password recovery can greatly reduce the likelihood of account compromise.
So what does this mean for you and reporting? Perhaps you use an openly accessible, free service for your investment call. Are your calls recorded and automatically transcribed? Where are they stored? The consequences of the answers to these questions will largely depend on the types of information you are sharing over audio or videoconferencing calls and the corresponding need for greater or lesser security and confidentiality.
It is not only cloud security that can put you at risk. We can make a case for the importance of private, closed systems for investment calls. The perceived comfort of an operator-assisted conference call does not guarantee security. Further questions to ask may assist you to assess your security position:
- Have confidentiality agreements been signed by the operators?
- Are restrictions in place to prevent them from posting some of your content on the internet or social media?
- What happens to the records that are collected of who attended a call?
- Where are call recordings stored? How long are they held?
- Is a further third party used for machine transcription, or are they shared with a human team?
- How are audio recordings transmitted to the transcription team?
- Have transcribers had background checks?
- What other security mechanisms are in place?
These are important questions that deserve attention. By paying attention to these issues, you can mitigate your risk. The best vendors become your partners in assuring your security.
We’re here to help. Contact us to learn how to start.
Jennifer Morehead, managing security & compliance officer, Civicom® TranscriptionWing™