Cybersecurity Considerations for Your Business

1.20.20

With the growing risk of cyber‑attacks, the importance of cybersecurity is at a peak. There was an estimated $2 trillion in damages due to cybercrimes in 2019 and that number is expected to grow to $6 trillion by 2021. In the first half of 2019, there were approximately 3,800 reported breaches with over 4.1 billion personal and business records compromised, which was a 54% increase compared to the first half of 2018. It is evident that cybersecurity is vital for any organization, especially smaller organizations that may not have a strong focus on, or resources for, cybersecurity. According to the Federal Bureau of Investigation Internet Crime Complaint Center, only about 10% of cybercrimes are even reported. Even with cybersecurity protocols in place, it can take up to six months to realize a data breach has occurred. It is important to know your company’s exposure to cybersecurity risk and plan for ample protection.

 

Among the greatest cyber risk areas are the following: 

  • Cloud data storage – Choosing the right provider, breaches through Application User Interface, and cloud abuse.
  • Social hacking – Phishing emails containing links or attached documents that can carry malware, or phone calls made to gain unwarranted information.
  • Weak passwords and no two‑factor authentication.
  • Patch management of software – Not keeping software up to date can create critical vulnerabilities that can be exploited.
  • Cybersecurity of partner organizations that you work with – Attackers can access an organization’s network, even one with strict cybersecurity protocols, when a third‑party organization (client) is breached.

 What are some best practices for business protection? 

  • Perform a cybersecurity risk assessment – Find your organization’s IT vulnerabilities and address them.
  • Make sure sensitive data is properly password protected – This includes data stored on laptops, removable drives, mobile devices, cloud‑based services, and even hard copies of records.
  • Keep software updated – This protects against any weak links that can be exploited.
  • Contract with an outside cybersecurity provider that can perform network penetration tests and expose vulnerabilities in your network.
  • Implement a security monitoring system to become aware of potential problems – Use automated monitoring systems from third‑party organizations, with alerts reviewed as soon as possible.
  • Ensure employees are consistently trained in IT security policies – This includes protocols for when breaches occur.
  • Develop and test a continuity plan for when unexpected events occur.
  • Obtain a cybersecurity insurance policy – Cybersecurity coverage can help to mitigate the cost of damages incurred when breaches occur.
  • Understand cybersecurity policies and procedures at your partner companies, including third‑party service providers – Service Organization Control audits performed by a reputable CPA can provide valuable insight.

 How can your CPA help? 

  • We are business specialists – We can use our understanding of your industry and operations to offer perspective on where risks might lie.
  • We can assist with the design, implementation, and assessment of internal controls, including those surrounding electronic data and cybersecurity.
  • Dannible & McKee, LLP specializes in Service Organization Control audits and consultation to implement proper controls and has vast experience with many businesses across a wide range of industries.

There are many potential threats that could jeopardize an organization’s cybersecurity integrity and cause much more damage than leaked information. A breach can expose vital information about a business, which can cause it to go out of business. Even large corporations such as Yahoo, Target, LinkedIn, Uber, Facebook, and many more have had major data breaches with millions of users’ personal data records accessed without authorization. This is a serious threat that cannot be taken lightly. With the cybersecurity market growing, there are many ways to mitigate these potential threats. Having a plan of action to protect your business and react if a breach attempt occurs is imperative to maintain the safety and security of your company’s data!

Contributing author:  Benjamin A. Sumner, CPA, is an audit partner with over nine years of experience providing auditing, accounting and consulting services to a wide variety of privately-held businesses. Contact us to learn more about how we can help.