Every day we hear about another cyber breach, phishing attack, or zero-day vulnerability that must be patched. Exacerbating this challenge is the knowledge that AI tools are being used by hackers in increasingly sophisticated attacks.
This creates anxiety for busy business owners who have little time to focus on anything outside of their daily work. (That, of course, is another challenge we can help them with, but it is outside the scope of this article.) Now is the time to ensure firm security is locked down, as hackers know that when people are busy and stressed, they are most vulnerable to making a mistake. So, what can firms do to minimize the risk of becoming the victim of a cyberattack? Below are five security tips to protect your firm:
Employee education: Cyberthieves know the easiest way to compromise your network is to trick one of your personnel into clicking on a link in an email or text message, or to have them divulge confidential information over a phone call in which hackers use social engineering to gain the employee’s trust so that they fall for one of their ploys. Accordingly, the first cyber-step in locking down your firm is to have an ongoing Security Awareness Training program. Educating your personnel on the latest phishing and social engineering methods being used by hackers is critical, as is testing them with simulated phishing emails and texts.
System access controls: Compromised logins and passwords are another way that cyberthieves hack into the firm, and our second tip is to mandate “modern” access controls. This begins with requiring complex passwords that are unique to each login (a 2022 AT&T study found that 42% of users reuse the same password). Today, I recommend passwords of at least 14 characters, stored in a password manager, which can also automatically generate complex password strings that are virtually impossible to guess. Combined with the mandatory use of multifactor authentication and a zero-trust mindset, firms make it much more difficult for hackers to log in to your accounts.
Secure collaboration: Securing work with remote employees and customers is the third priority. Firms should use VPNs, secure email, and portals to transact and transfer files in encrypted form, and every received file must be scanned for viruses and malware before it is opened. The use of USB flash drives MUST be prohibited for file transfer, as this can easily introduce malware. Any transaction requiring the disclosure or changing of financial information must follow a firm-mandated process, including verification through a secondary channel such as an employee-initiated phone call or email to a known number/address.
Professionally managed security infrastructure: Hackers will go after any vulnerability; therefore, it is critical to ensure that all hardware, operating systems, and applications are automatically updated. This means not only the file server and related network infrastructure applications, but also workstations, tablets, and smartphones, and all the software running on them. This takes a significant amount of effort and expertise, which is why I recommend all firms outsource their security management to a professional, enterprise-level security/cloud provider that has teams of personnel providing 24/7/365 coverage. When we conduct firm IT reviews, we find the most exposed firms are those with an understaffed (and undertrained) internal technology team that is so busy that security becomes a secondary priority.
Security governance: Security governance includes updating firm security training and policies, verifying adequate cyber-insurance, and creating and testing the firm’s written information security plan, including disaster planning and response. It is critical that firms continue keeping “shadow” copies of changed files and daily full-system backups, including transferring them offsite, and, most importantly, testing and verifying that the backup system is working. In the event of a ransomware attack, rebuilding the network will require access to backups.
Ensuring your firm addresses the five key priorities above will go a long way toward protecting your firm from getting breached.
Let’s assess if your Firm is secure
Want to know if your current security protocols are enough?
Schedule a free strategy session to learn more.
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com