Are You Driving Without A Seat Belt? It’s Time to Review Your Cyber Security Program
Reviewing your cyber security program should no longer be optional. A well-developed cyber security program is comprehensive and includes activities for identification, prevention, detection, response and recovery. Ignoring your cyber security program is like driving in a car without a seatbelt. As the news of Equifax’s recent data breach unfolds, you’re probably getting the feeling that Equifax wasn’t buckled up.
If you have a credit report, it is very likely that your personal data was exposed in the Equifax data breach. This cyber security breach affected 143 million Americans by making their personal information available to hackers, including Social Security numbers and other pertinent financial information. According to its own disclosure, it looks like Equifax could’ve avoided the breach by enforcing commonly accepted security procedures – like patching the compromised application.
Hackers are targeting companies of all sizes in a number of different ways, including phishing emails, password-stealing malware, and ransomware. Hackers are just waiting for us to make a mistake in our security procedures, so you might feel like your organization is under constant attack. At some organizations, they take advantage of weak or nonexistent security procedures. There is no doubt that we face serious cyber threats in today’s environment, and you or someone you know may already be a victim of a cyber attack.
To improve security programs and avoid the consequences of a cyber security attack, such as wire fraud, network shutdowns or malware, Kaufman Rossin recommends that companies reference Small Business Information Security: The Fundamentals, a guide issued by the National Institute of Standards and Technology (NIST). Following these practices puts an immediate action plan in place to help your business minimize the risk of a devastating data breach:
Identify
- Identify and control who has access to your business information
- Conduct background checks
- Require individual user accounts for each employee
- Create policies and procedures for information security
Protect
- Limit employee access to data and information
- Install surge protectors and uninterruptible power supplies (UPS)
- Patch your operating systems and applications
- Install and activate software and hardware firewalls on all of your business networks
- Secure your wireless access point and networks
- Set up web and email filters
- Use encryption for sensitive business information
- Dispose of old computers and media safely
- Train your employees
Detect
- Install and update anti-virus, anti-spyware, and other anti-malware programs
- Maintain and monitor logs
Respond
- Develop a plan for disasters and information security incidents
Recover
- Make full backups of important business data and information
- Make incremental backups of important business data and information
- Consider cyber insurance
- Make improvements to processes, procedures and technologies
Data breaches aren’t likely to stop any time soon. Have you buckled up? Bolstering your cyber security program and implementing the practices above can help your business address cyber attacks and related risks before they occur. Contact us or another member of Kaufman Rossin’s IT security consulting team to learn more about managing your company’s data security challenges.
Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.