Scary Cyber Stories: Top 5 Action Items (Part 3)

Cyber and information security breaches have been on the rise for the past several years, but due to the COVID-19 pandemic, such events have accelerated. With increased remote work and high employee stress levels, cyber criminals are taking advantage of vulnerabilities. In order to help organizations overcome emerging challenges and support them in their journey toward increased cyber readiness, we are sharing a series of scary cyber stories throughout October in recognition of Cyber Security Awareness Month. Don’t let these scary cyber crimes happen to your organization!

In part 1 and part 2 of our Scary Cyber Stories series in support of October’s Cyber Security Awareness campaign, we discussed the root causes of a number of recent client incidents ranging from weaknesses in their IT systems to lack of proper employee training.

Numerous tools and solutions have been developed to better secure IT systems and processes and guard against these types of incidents. We are strongly encouraging our middle market clients to consider these top five action items in support of their overall cyber readiness efforts.

  1. Know your hardware and software vulnerabilities. Conduct a periodic scan/review of all systems at least once every year, identify weaknesses by category, and develop and execute a remediation plan.
  2. Understand your process risks. Review and document key business processes and identify potential cyber security and information privacy risks associated with each to ensure proper safeguards are put in place.
  3. Update policies and procedures. Implement customized policies for key processes including human resources, finance, IT, operations, etc. that truly reflect your realities and ensure they are easily understood, followed, and enforced.
  4. Train all employees. Given that employees are your largest risk factor for a cyber breach, ensure you have periodic training and a knowledge testing plan in place.
  5. Validate your defenses. Test them by conducting an annual penetration test or a tabletop exercise. Review your cyber insurance, disaster recovery, and business continuity arrangements to make sure your earlier assumptions still hold true and that the procedures you have put in place are effective.

These items represent a journey of continuous improvement rather than a simple “check the box” exercise. Addressing them in the order stated is also important, since you must secure the foundational elements before being able to test and validate your readiness.

To help you develop a better understanding of your organization’s cyber and information security risks, our Technology Solutions Group has created a Complimentary Readiness Assessment. This assessment can lay the foundation for developing an effective cyber and information security plan for your organization, and help you avoid having a scary cyber story of your own to share!

Find out your cyber readiness score by taking this health check. Your scorecard will be ready in 48 hours for your review and planning.

***

If you would like to inquire about attending the above event, or you’d like to discuss your organization’s cyber needs, please don’t hesitate to reach out to Sassan S. Hejazi, Director, Technology Solutions, by email or at 215-441-4600.

Information contained in this alert should not be construed as the rendering of specific accounting, tax, or other advice. Material may become outdated and anyone using this should research and update to ensure accuracy. In no event will the publisher be liable for any damages, direct, indirect, or consequential, claimed to result from use of the material contained in this alert. Readers are encouraged to consult with their advisors before making any decisions.