Cashless Society – Why CEOs should pay more attention to information security

By Tope S. Aladenusi

A few weeks ago, my friend wanted to credit my bank account with 18,000 Naira via internet banking but he mistakenly transferred 180,000 Naira. When he got the SMS alert for this transaction, he immediately called me and requested that I should help reverse the overage and apologized for the error. I replied that I had already given thanks to God for the overage and since I cannot reverse my thanksgiving, he should forget about it.

Beyond the joke, we can imagine the consequences of a company committing such an error, and the possibility of fraudulent initiatives running their full course. In our new “Cashless Society”, stories like the one above are likely to abound!

A “cashless society” is a policy that minimizes the use of cash by providing alternative channels for executing financial transactions. The name of this policy was changed to Cash-Lite policy by the Bankers’ Committee towards the end of 2011 to correct the impression that Nigerians would completely stop using cash to transact business.

However, despite the change in the policy name, the associated risks are yet to change and organizations must pay adequate attention to them.

For CEOs, who have overall responsibility for corporate governance in most organizations, the firm link between current CEO priorities and information security cannot be overemphasized. As more companies depend on information technology (IT) to conduct their businesses, it is becoming obvious that there can be no corporate governance without IT governance, and information security is a bulwark of IT governance in a cash-lite society.

There are three core areas of information security:

Confidentiality (ensures there are no unauthorized disclosures of a company’s information),

Integrity (ensures that information is reliable and prevents unauthorized alteration), and

Availability (ensures that systems are up and running when needed).

Let’s cite examples of these three core areas to illustrate why CEOs should pay more attention to information security in a cash-lite society:

Confidentiality: Since most of the financial transactions in a cash-lite society occur in electronic form, there is a greater propensity for confidential information to be stored and transmitted electronically. As more organizations bring smartphones and tablets into their corporate environment, they run the risk of unauthorized disclosure of confidential information and become highly susceptible to external attacks and insider threats.

An unauthorized disclosure of such electronic information may violate certain agreements reached with business partners and customers and has the potential to negatively affect their loyalty or erode part of a company’s shareholders value in the event of litigation.

Moreover, research conducted in 2010 by the Ponemon Institute and Symantec indicated that the average organizational cost of a single data breach has increased to $7.2 million, costing companies an average of $214 per compromised record.

Integrity: In a cash-lite society, many companies will have to rely on electronic payment solutions whereby they are able to credit third party accounts (e.g. suppliers, contractors, etc.) belonging to business partners from their offices.

In some cases, adequate controls like segregation of duties have not been built into the new payment mode and such transactions are left to be done by a dedicated computer operator. An intentional or accidental alteration of a supplier’s bank account number in the supplier’s master file containing several suppliers’ details may lead to the operator crediting an “unknown supplier” with a significant portion of the company’s shareholders value during the monthly payment run.

In addition, lack of proper reviews and segregation of duties may lead to a company losing funds at the click of a button just as my friend gave away his cash accidentally.

Availability: Many organizations across the globe usually base the performance of the CEO on the increase in shareholder value achieved within the organization’s financial year. This basis for evaluation usually results in the CEO focusing primarily on bloating the organization’s shareholders’ value.

In achieving this, the company’s resources are then directed towards gaining competitive advantage, aggressive marketing, package and company-product promotions and the like. Surprisingly, many CEOs are yet to understand the holistic picture: an increase in shareholders’ value is driven by competitive advantage, which in turn drives customer retention and acquisition.

Customer acquisition and retention usually depend on trust, which is a result of service quality and availability. The availability of services crucially depends on the continuous availability of information and information systems.

For instance, you visit some stores or companies in Nigeria today and you are told that the POS link is down. A customer wants to pick up his goods after crediting a company’s account online, and he is told by the customer service officer that his payment cannot be immediately verified due to issues with internet connectivity. As minor as all these availability excuses may sound, they can negatively affect a company’s bottom line.

Clearly, the era of CEOs interpreting information security as an incurred cost in running the business may be inconsistent with a cash-lite economy.

An up-to-date information security program should be put in place to provide competitive advantage by achieving customer retention and acquisition, which is the keystone of the business’s ability to yield revenue. This may include having and implementing a risk-based information security strategy; performing an end-to-end review and reengineering of the company’s processes to align with the new cash-lite policy; ensuring agreements with third parties and payment processors are reviewed and appropriate covers exist for the company; and ensuring continuous security monitoring, as the threat landscape changes every day in a cash-lite society.

CEOs should begin to view information security not only as a core asset in business but also as a crucial business enabler. Not viewing information security in this manner may impede the ability to develop their organization to its full potential in a cash-lite society.

* Aladenusi is an Information Security specialist at Akintola Williams Deloitte and can be reached at [email protected].