Securing Financial Information in the Digital Realm: Case Studies in Cybersecurity for Accounting Data Protection

Authors

  • Md Abdullahel Kafi, Graduate Research Assistant, Department of Decision and Information Sciences, Oakland University, USA
  • Nazma Akter, Assistant Professor, School of Business, Ahsanullah University of Science and Technology, Dhaka, Bangladesh

DOI:

https://doi.org/10.18034/ajtp.v10i1.659

Keywords:

Accounting, Cyber-Security, Threats, Vulnerability

Abstract

Securing financial information, especially accounting data, is essential in the digital world. This article explores the challenges organizations face in protecting accounting data from evolving cyber threats. By sharing real-life case studies and industry research, we offer suggestions to enhance the security of accounting information. These recommendations include adopting cybersecurity frameworks, implementing technical defenses like endpoint protection and network segmentation, following secure coding practices, prioritizing user awareness and training, creating incident response and business continuity plans, regularly conducting vulnerability assessments and monitoring, maintaining strong vendor relationships, and ensuring compliance with relevant regulations and standards. By implementing these suggestions, accounting professionals and organizations can strengthen cybersecurity measures and effectively protect valuable financial data from the ever-growing threat landscape. Taking an approach that combines technical measures, user awareness, incident preparedness, and regulatory compliance is crucial when navigating the digital landscape with confidence and resilience.


Published

2023-04-30

How to Cite

Kafi, M. A., & Akter, N. (2023). Securing Financial Information in the Digital Realm: Case Studies in Cybersecurity for Accounting Data Protection. American Journal of Trade and Policy, 10(1), 37–48. https://doi.org/10.18034/ajtp.v10i1.659

Section

Policy and Practice Reviews