By Anna Russell, VP at comforte AG
Payment systems are complex as they connect and combine various networks and endpoints, from transaction logs to ATMs. They are essential for storing and processing payment card information, sensitive data and primary account numbers (PANs) across multiple locations. Then you have transaction log files and cardholder files which share sensitive datasets across numerous applications, from fraud detection systems to analytic programs. Given the vast range of cardholder data, and the many places it is kept, sent, and processed, it is no surprise that PCI DSS stipulates that PANs must be unreadable wherever they are stored. This can be complicated, especially as data is so dynamic, so how can organizations meet this difficult requirement?
Issues with traditional data security perimeters
Traditional security perimeters are becoming increasingly entwined with hybrid applications, as data is migrating from internal databases to the cloud or third-party applications. These complex networks make it hard to protect PANs because visibility is not assured when it comes to third-party providers. The growing sprawl of data across multiple platforms means that businesses are expected to be all the more vigilant when it comes to customer data.
This is not to say that companies are leaving treasure troves of sensitive data unprotected. Generally, there are several traditional security measures in place to protect customer data. The first line of defence is often the perimeter. However, even the greatest of perimeter defences may simply present a speed bump to a determined and experienced cybercriminal. Furthermore, the boundaries of traditional perimeters are obscured by evolving storage methods, making it difficult to pinpoint where data originates. Data is perpetually being created from multiple points, superseding hard perimeters and dispersing controls throughout organizations. This makes PCI DSS compliance challenging as data is constantly being introduced, stored, and moved across multiple touchpoints; yet it must be safeguarded at all times.
Within traditional perimeter defences, most companies deploy multiple security products to protect against malicious software. However, software is evolving all the time, and if your systems and applications are not promptly patched, then it could have dangerous consequences. Furthermore, on many occasions cybercriminals have bypassed traditional perimeter defences and gained access to sensitive data without setting off any alarms. That is part of the reason why the average breach isn’t identified until 279 days after the fact. This means that there must be more intrinsic controls in place to protect sensitive information.
Another wrench in the works is the introduction of bring your own device (BYOD) policies. This makes it difficult for security teams to patrol all the devices within their network. By allowing unmonitored devices into your network, you increase the likelihood of a breach occurring from within. To counteract this, many companies are deploying identity and access management (IAM) processes to determine who is accessing applications. This restricts access to a ‘need to use’ basis, ensuring that sensitive data can only be viewed when it is essential to do so, as is required by PCI DSS.
Often, the final level of protection is monitoring. This gives security teams insight into what is happening in the network, prompting action if there is any suspicious activity. When combined with IAM this may provide a comprehensive approach to data protection because suspicious activity can be linked to a specific account, identifying users that are accessing data they shouldn’t be. However, this assumes that fully provisioned employees are inherently benevolent. On the other hand, even trusted workers can unintentionally facilitate a data breach. These vulnerabilities are known as insider threats and they can be difficult to predict due to the unpredictability of human nature. Indeed, an insider can be every bit as detrimental as an experienced cybercriminal.
What is the solution to protect sensitive data?
Despite the extensive security parameters being deployed, the amount of fraud that occurs suggests there is a need for a more comprehensive security approach. Indeed, according to a 2019 study conducted by the Ponemon Institute spanning 16 countries, the average data breach affects 25,575 records, proving that deploying a data-centric mindset is essential (especially as each record carries an average cost of $150). As mentioned above, the average time to identify and detect a breach is 279 days. This is plenty of time to access, steal, and sell sensitive information without a trace, thereby reinforcing the notion that companies shouldn’t cut corners when it comes to protecting data.
With this in mind, it is no surprise that the Payment Card Industry expects businesses to protect customer PANs. PCI DSS isn’t a heavy-handed bureaucratic trap designed to slap sanctions on businesses, but a set of guidelines to improve both security and customer relations. Indeed, breaches don’t just cause damage in terms of incident handling, but also brand reputation. If you lose customer data, they will lose faith in you. Therefore, companies should endeavour to comply with PCI DSS. There are several ways that businesses can maintain compliance. Requirement 3.4 specifies that data can be protected with tokenization, truncation, or encryption with proper key management. Furthermore, Requirement 4 calls for similar measures to protect data being transmitted over public networks.
Of the above methods, tokenization is swiftly emerging as a best practice for protecting PANs because it replaces the original data with a surrogate (token) value. Therefore, even if an attacker gets access to a tokenized PAN, it is useless to them. This addresses the root problem behind data breaches by removing the threat of breached cardholder data altogether. If PANs are protected at all stages of their lifecycle, then even if there was a significant breach, customer information remains protected. Once hackers become aware that their efforts to circumvent perimeter controls result in nothing but useless data, then they will move on.
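To make the surrogate-value idea concrete, the following added example (not code from the article or from comforte) tokenizes and truncates PANs found in transaction log lines. The `TokenVault` class, the token format (random digits, last four kept, deliberately failing the Luhn check) and the sample log lines are assumptions constructed for illustration.

```python
import re
import secrets

PAN_CANDIDATE = re.compile(r"\b\d{13,19}\b")  # card numbers are 13-19 digits

def luhn_ok(digits):
    """Luhn checksum, used to separate real PANs from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return every Luhn-valid PAN candidate still readable in the text."""
    return [m for m in PAN_CANDIDATE.findall(text) if luhn_ok(m)]

def truncate(pan):
    """Truncation: keep first six and last four digits; not reversible."""
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]

class TokenVault:
    """Toy in-memory vault (assumption). In practice the vault is a separate,
    hardened service and the only place a token can be mapped back to a PAN."""

    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan):
        if pan in self._pan_to_token:  # same PAN always yields the same token
            return self._pan_to_token[pan]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Design choice of this example: tokens are random, unique and
            # fail Luhn, so they cannot be mistaken for a live card number.
            if not luhn_ok(token) and token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token):
        return self._token_to_pan[token]

def protect_log_line(line, vault):
    """Replace each Luhn-valid PAN in a log line with its vault token."""
    def swap(match):
        value = match.group()
        return vault.tokenize(value) if luhn_ok(value) else value
    return PAN_CANDIDATE.sub(swap, line)

# Constructed sample log lines using well-known test card numbers.
SAMPLE_LOG = [
    "2020-07-27T10:15:00 AUTH pan=4111111111111111 amt=25.00 order=1234567890123",
    "2020-07-27T10:15:09 AUTH pan=5555555555554444 amt=9.99",
    "2020-07-27T10:16:41 REFUND pan=4111111111111111 amt=25.00",
]

def demo():
    vault = TokenVault()
    return vault, [protect_log_line(line, vault) for line in SAMPLE_LOG]

if __name__ == "__main__":
    _, protected = demo()
    print("\n".join(protected))
    print(truncate("4111111111111111"))
```

Because the same PAN always maps to the same token, downstream fraud detection and analytics can still correlate transactions without ever seeing the card number; `find_pans` doubles as a check that no readable PAN remains in stored output.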
From accountants to advisors: changing roles and expectations
By Chris Downing, Director for Accountants & Bookkeepers at Sage
The line between strategic advisor and traditional accountant is blurring. Over the last year, 82% of accountants said their clients were demanding a wider service offering, including business and technology implementation advice. In the current climate this transition has only been accelerated.
Clients increasingly expect their accountants to take a more active role in change management and predicting their cashflow months into an uncertain future. This is enabling businesses to tackle the challenges of day-to-day operations, while keeping an eye on what the post-COVID world will look like, and the support they will need to return to strength.
To meet these new and complex expectations, accountants must develop a different way of working. They will be required to increasingly supplement the traditional compliance and reporting aspects of their work with business advice and consultancy. To do this, accountants need the ability to move quickly and efficiently, with a firm grounding in technology and data control.
Get straight to the point
The priorities of yesterday are very different to the goals of today. Where businesses once focused on driving growth and efficiency, the objective for many now is continuity – understanding what government support is available and for how long. In the current climate, speed of delivery and client care are top of the agenda.
But the way accountants go about this is very important. Rules are changing every day – the definition of an ‘essential business’, government support and bank loan programmes are constantly in flux. In normal times, an accountant’s role is to ensure their clients are aware of and react to these changes. Yet, how much value does this create for them in the ‘now’?
To be valuable, new information must be delivered quickly but it should also be succinct. It isn’t useful for clients to be bombarded with email updates, or reports running into hundreds of pages, trying to explain the week’s changes. With so much present noise, it’s the accountant’s task to break through the information overload and provide the client with only the crucial resources.
To understand client pain points and get to the heart of what they really need, a running dialogue is essential. Building individual client relationships will unlock the potential to deliver tailored experiences that meet their business demands. Armed with this insight, accountants can then distil complex information into digestible chunks.
A more entrepreneurial spirit
Sharing insight is only the start. The other half of the story relies on consultancy. In the Covid-19 environment, the routine aspects of an accountant’s work are being supplemented with the transformative changes they can make for clients. Cashflow projections for the next six months are crucial, but even more so is the advice an accountant can offer on improving the financial outlook of a business.
To provide this balance, accountants should embrace a more entrepreneurial way of thinking. Not only advising on how clients can meet current challenges, but also how they can innovate to drive new revenue streams in the future. Part of this means being willing to step outside of their comfort zone. Many firms are already investing in the skills and technologies they need to service novel demands – like advising on relevant accounting and finance technologies.
While many businesses remain closed to the public, even as lockdown eases, they have increased capacity and flexibility to shift operations towards what will be most effective and profitable. Clients will be open to changing their business focus to meet demand spikes in other areas as they do not have to account for a disruption to customer service. For example, many distillers shifted production from beverages to hand sanitiser while bars and restaurants were closed.
With their contextual understanding of client finances, accountants are uniquely placed to advise their clients on change and guide them through the transformation process. This does, however, require a more innovative model of accounting, and one that is willing to embrace the latest technologies.
Truth in the cloud
Business advice needs to be backed by data, especially for accountants engaging directly with the CFO. Scenarios need to be modelled, analysed, tracked and compared over time to arrive at the most effective proposal for the client. This is outside the wheelhouse of traditional accounting, but it’s becoming necessary in an industry heavily disrupted by new technologies.
To keep up with the ever-growing need for rapidly available data and analytics capabilities, more and more accountants are turning to the cloud to consolidate and use their data estate, while automating the time-consuming tasks of data management. Indeed, the majority (91%) of accountants have said new technology has delivered fresh value to their business in the last year, whether it increases productivity or frees up more time to focus on client needs.
Against the backdrop of coronavirus and technological disruption, a new breed of accountant is quickly emerging. Innovation is possible for those who stay ahead of client expectations and are aware of their needs, embrace an entrepreneurial mindset and adopt the latest cloud and automation technologies. In this way, an accountant becomes an integral part of their client’s business.
Preparing for the new normal and building a financial plan
By Donna Torres, director of small business at Xero UK
There is some light at the end of the tunnel for small businesses. As the lockdown continues to ease, many retailers and hospitality businesses are now opening up again, or preparing to return soon.
Preparing for what’s around the corner has always been key to business success. Whilst there is still much uncertainty, it’s more important than ever that businesses get in control of their finances and create a solid plan.
Having a strong understanding of your cash flow and a plan for the months to come is vital to helping you prepare for what’s ahead. If you’re unsure where to begin, here are five ways to start:
Financial experts Lauren Harvey (Founding Director of Full Stop Accounts) and Jonathan Graunt (Founder of accountancy firm FD Works and Xavier Analytics) recently spoke with Xero about the uplift in businesses taking an interest in their finances and understanding their financial position.
Businesses should be using this time to review their processes and really understand their numbers. It can be helpful to reflect on your original statement – what do you really want your business to do? And has the pandemic changed this? Use this as the fuel to drive your business vision forward.
Consider the risks
The government has provided SMEs with a number of support schemes, but the conditions and capital being offered are changing.
For example, the Furlough Scheme will currently only run until the end of October and the deadline to furlough new employees has now passed. The government will also gradually be reducing the amount it pays under this scheme. Make sure you’ve accounted for this in your financial plan so you have a clear picture of how furlough tapering off will impact your business and any adjustments you might need to make.
If you’ve taken out one of the Government backed loans, now is the time to start building repayments into your financial plan. Building a solid plan will also help to ensure that you use the money in the best way to support your business in the long-term. It can be tempting to fight the most immediate fires with your capital, but try to think about the longer term health of your business – and where the money is going to have the most impact.
Adapting to a change in demand
Covid-19 has forced businesses to adapt to a lot of changes and SMEs should be thinking carefully about how their customer demand has changed. What do customers expect from you now? For example, many are still apprehensive of shopping on the high street. This might mean some of the options you offered during lockdown like deliveries or online services should remain.
Communicate with your customers as much as possible to get an accurate view of what they need from you now and in the future. How can you fulfil this? Then it’s important to look at the numbers and scrutinise which areas are going to provide the most return on investment.
Financial Planning: where to start?
For financial planning to be effective, it’s helpful to get into habits that will provide an accurate snapshot of how your business is performing. Reconciling bank transactions daily, creating a daily simple cash flow check-in habit and examining your profit and loss statements weekly will give you a better understanding of where your business stands.
Apps like Float or Fluidly will help to give you an accurate look at your cash flow in an easy to read visual. And the recently launched Xero Short-term Cash Flow tool can help you project your bank balance 30 days into the future, showing you the impact of existing bills and invoices if they’re paid on time. You can then work out which invoices you should follow up on.
Some people can find this task daunting, but your accounts aren’t just being kept for reporting to HMRC, they are also there to give you invaluable insight into your business and to plan for the future.
Ask for help
Your accountant is there to help you to understand your finances. This is likely to be one of the biggest economic challenges you have ever faced as a small business owner. Now, more than ever, it is time to lean on your accountant to help create a robust plan.
If you do not understand something, or need guidance or clarification, get in touch and ask for their expertise and advice. If their advice doesn’t help, ask them to explain it again.
You can also check out Xero’s online guide to managing cash flow here.
The impact and implications of Covid-19 on financial reporting
By Mark Billington, Regional Director, Greater China & South-East Asia, ICAEW
The economic consequences of Covid-19 have been unprecedented, affecting activity in nearly every country in the world. Indeed, the latest forecast from the Institute of Chartered Accountants in England and Wales (ICAEW) projects that most economies in South-East Asia (SEA) would fall into recession in the first half of 2020 and Gross Domestic Product will contract by 1.9 percent over the whole year. Across the region, governments have had to bring in various fiscal stimulus measures to protect the economy.
Exceptional times bring tremendous challenges for businesses and require leaders to have a clear view on the short- and long-term effects of Covid-19 on their businesses, and to respond accordingly. This starts with taking extra care to recognise the impact of Covid-19 in financial reports, especially of events which have occurred between the balance sheet date and the date when the accounts are authorised for issue.
Distinguishing between adjusting or non-adjusting events
As the coronavirus outbreak continues to evolve and more information comes to light about the nature of the virus and its impact, companies with 2020 year-ends need to consider how it has affected their business and how the effects should be reflected in the accounts at the end of their reporting period. This boils down to distinguishing whether Covid-19 should be accounted as an adjusting or non-adjusting event.
In December last year, China alerted the World Health Organisation (WHO) to several cases of an unusual form of pneumonia in Wuhan, central China’s Hubei Province. But it was only early this year when substantive information on what has now been identified as coronavirus (Covid-19) came to light. As a result, for companies with a 31 December 2019 year-end, Covid-19 is generally considered to be a non-adjusting event.
This changes for companies which have early 2020 year-ends, who will need to consider the timelines more carefully to assess the conditions at the end of their relevant reporting period. For companies with 31 March 2020 year-ends, Covid-19 is likely to be considered a current-period event, which means that companies need to assess and record all events and conditions that existed at or before the reporting date. When it is determined to be an adjusting event, a business will need to review all areas of the accounts that might be adversely affected by the COVID-19 virus.
There may be a greater degree of judgement required when identifying the conditions at the end of the reporting period, and a closer assessment needed of whether developments are adjusting or non-adjusting.
Exercising judgement about conditions at the balance sheet date
Companies have to exercise significant judgement to determine the conditions that existed at the balance sheet date. This is heavily dependent on the reporting year end in question, the company’s own individual circumstances and the events which are under consideration.
A number of factors should be considered when making judgements about conditions at the balance sheet date. This includes the timing and impact on stakeholders such as staff, customers, and suppliers, of travel restrictions, quarantines and lockdowns, closure of businesses and schools; and government support initiatives. With each of these events, companies have to determine whether an event shines a brighter light on conditions at the balance sheet date or if conditions changed after the reporting date.
This evaluation in financial reporting is important because it affects the forecasting of future income and cash flows, which are based on conditions that existed at the balance sheet date. Estimating recoverable amounts might be very different for the same asset if the calculation was performed for a 2019- or 2020-year end.
Upholding values of corporate transparency and trust
In these times of uncertainty and crisis, it is even more important to be transparent about risks and assumptions used in financial reports, and to make disclosures as specific to the business as possible, to avoid the risk of financial reporting being downplayed. In fact, market regulator Singapore Exchange (SGX) and rating agency Fitch Ratings have recently cautioned companies against using alternative performance measures such as Ebitdac (earnings before interest, taxes, depreciation, amortisation and coronavirus) in their interim financial reports to flatter results, and stressed that “disclosures must be balanced and fair and avoid omission of important unfavourable facts”.
More than ever, businesses must continue to diligently uphold values of corporate transparency and trust and continue to disclose transparent and quality information to investors and other stakeholders. In order to do this, directors are tasked with the important responsibility to comply with various reporting standards and understand the circumstances of particular disclosures to provide a fair and balanced assessment of the company’s financial position and performance.
Covid-19 also has significant implications for audit reports on company financial statements. Preparing and auditing financial statements poses tough calls in difficult and unclear circumstances for directors and auditors. It is vital that these uncertainties are interpreted appropriately and in the context of the current unprecedented circumstances.
As the business impact of COVID-19 continues to unfold and affect economies and the future of many organisations, businesses should continue to consider both their situation and the wider economic landscape they operate in, and reflect that in their financial reports.
 SGX warns against use of ‘earnings before coronavirus’ metric, The Business Times, 27 July 2020