Tighten the grip on your IT security.

In my first job as a finance director, I worked in a Victorian building that used to be a furniture depository. In addition to huge steel doors and thick walls without windows, there was a massive walk-in safe. In this safe we kept the company records. Within this was a further Chubb safe where we held our petty cash and other company valuables. I had a set of keys, as did the caretaker, who lived on the premises. With security second only to Fort Knox, I could go home at night and sleep well, safe in the knowledge that the company property was well protected.

Leaping into the 21st century, we see this ‘bricks and mortar’ security has become largely irrelevant in the new architecture and policing of cyberspace. We now have internet links into our offices, and these are becoming the break-in points for criminals.

The vendors of IT security systems put out a bullish story. Buy our products and you will be safe. The same message came out from Chubb with their products 150 years ago. However, there is a world of difference between the two environments. Accountants ignore this at their peril.

The first change is that most accountants have a very limited understanding of security technology. This means that we have no personal means of checking whether an IT security infrastructure actually works. This is in sharp contrast to the old-fashioned paper-based systems, in which we have developed a good understanding of how to audit and check for fraud.

The second challenge is that many of our organisations have rushed at lightning speed to build an internet infrastructure/presence. Fuelled by competitive pressure, sites have been launched without adequate thought on the security issues. This had led to a myriad of high-profile security breaches, which are reported almost weekly in the IT and financial press.

So how can we tackle these issues?

First, we need to invest time in learning about IT security. I would suggest this is required at a pretty detailed level, which will take resources and money. However, without this retraining, all we can do is sit on the sidelines and hope the advice we are given is correct.

With the rigours of our previous accounting training, many of us will appreciate there is no substitute for actually knowing our subject matter.

Second, we must make sure our IT systems are properly audited externally, like the paper systems of the 20th century[

Third, we need to educate our senior managers in security and in the risks of rushing an internet/e-business through.

We must push ahead without delay.

In the meantime, get what sleep you can. A hacker is only a phone call away.

– John Tate is chairman of e-business consultancy Tate Bramald. ?:

Related reading