GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

By Neil Taurins

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority.


Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association.

Nonprofits are equally at risk, and often lack cybersecurity measures. According to Board Effect, 80% of nonprofits do not have a cybersecurity plan in place.

Given the risk involved, small businesses and nonprofits must consider prioritizing cybersecurity policies and practices to stay protected, retain customers, and remain successful. Financial information is one of the most frequently targeted areas, so it’s crucial your cybersecurity policies start with your finance team.

Taking an active role

Your cybersecurity policy should address your employees and technology systems.

Employee training is crucial. According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches were caused by human error, with phishing and text message phishing scams being some of the leading causes.

Training team members regularly with real-life scenarios will help them spot potential threats and protect them from exposing your business.


It’s also essential that your business evaluates its technology and keeps it regularly updated to the latest security standards. For example, your accounting technology should have features that work to protect your data, like internal controls, multi-factor authentication, or an audit trail that documents changes to your data.

Consider these four best practices as the core of your finance team and business’ cybersecurity plan:

•Regularly update and back up your data systems. Security plays a crucial role in your technology. In the era of cloud computing, where programs and your information can be accessed anywhere, your business needs to keep its software up-to-date and back up critical systems. Cloud vendors often handle the security and backup processes automatically, so examine your technology and see if that is the case. If not, implement a plan to back up your information regularly and update your technology to the latest versions. These back-ups can also be used to form a disaster recovery plan in the event of a natural disaster.

•Set access privileges and internal controls. Best practice is to require teams to use enhanced security measures like strong passwords that are changed regularly and multi-factor authentication to ensure your team is the only one accessing financial information.

Also consider creating a policy for which employees can access which types of data. When multiple members of your team can easily access a wide range of data without internal controls, it creates vulnerability. Your team’s information is crucial, especially regarding financial information. Your technology should feature internal controls. Internal controls segment your company’s information by title or role and grant each team member access to only the data they need.

•Monitor team member access through audit trails. Your accounting technology should be equipped with an audit trail that logs every change made to your data, including user data and the workstation from which the user has made the change. Monitoring who has made what changes protects your business and holds team members accountable for safe IT practices.

•Adequate IT compliance. Every business has a standard of IT compliance that team members are accountable for upholding. First, it is crucial to have systems that adhere to regulations, laws, and general industry standards. If you have concerns about protecting your financial data, consider hiring a data protection officer or an outside firm to help you maintain compliance.

No one person can prevent cyberattacks alone. The secret sauce is that it takes a thorough cybersecurity policy and a team committed to keeping your business finance and accounting teams safe. Stay proactive. Stay educated. Stay safe.

About the essayist: Neil Taurins is the General Manager of Nonprofit Solutions at MIP Fund Accounting by Community Brands. He has been with the company for over 12 years and is passionate about working with government organizations and municipalities to provide them with solutions to improve efficiency.
