A recent report posted on Dark Reading's Compliance Tech Center offered security tips for publicly traded companies looking to comply with the requirements of the Sarbanes-Oxley Act of 2002.
SOX, which offers shareholders and the general public protection from fraud and accounting errors, was passed a decade ago in the wake of several high-profile financial scandals, including Enron. It established a system of controls, audit solutions, and reporting.
"To pass a SOX audit, your company must implement security best practices for any system that touches anything and everything related to financial reporting and accounting systems," the report notes.
From an IT perspective, companies should ensure that all sensitive data and authentication credentials are encrypted, that common end-point protection tools are deployed, and that the operating attack surface of all clients and servers accessing critical financial systems is reduced. Additionally, activity monitoring and auditing software can help move the auditing process along, as SOX auditors are "concerned primarily with the accuracy and integrity of your financial data," according to the news source.
California Republican Representative Ed Royce recently introduced legislation that would exempt small businesses from Section 404(b) of SOX, citing difficulties associated with regulatory compliance.