When it comes to cyber security, it’s no longer a question of if your firm will be attacked – it’s a question of when. This article is a brief introduction to the concept of cyber-wellness for accounting firms.
Today’s business world is becoming ever more interconnected, bringing new opportunities and creating new vulnerabilities. New threats are emerging every day – not just from people, but from a widening attack surface and enhanced communications.
As an accounting professional, you and your staff have access to highly sensitive data. And unfortunately, bad actors have the ability to track people using their mobile phones and even their Fitbits. They can hack your laptop and your car, watch, TV and hearing aids. In short: Yes, increasing Internet connectivity is making life easier, but it's also creating more ways for criminals to get into your and your clients' information. And according to experts, instead of a cyber attack that deletes or releases stolen data, the next wave of attacks will merely change digital data to compromise its integrity so that, for example, all the tax return data in your systems are no longer correct.
To combat these frightening possibilities, a new approach is required: cyber wellness.
This plan of attack takes into account the fact that it is impossible to centrally control every connection with employees and clients. Everyone in the firm is responsible for the risks they undertake. It is an active process – just like physical wellness programs, in which the company takes an active approach to promoting and maintaining employees’ good health. With cyber wellness, proactive choices need to be made across multiple dimensions of cyber defense, response and governance.
How to Proactively Defend Yourself
Consider how predictive weather data enables coastal areas to initiate preventive measures before a tropical storm arrives. Cyber wellness functions the same way; it doesn't wait for an attack to happen. Intelligence and threat assessment data should be used to create active learning scenarios to deepen employee cyber knowledge/training – as well as to provide flashing updates.
These are the steps to take:
• Perform an initial vulnerabilities assessment, and create a prioritized cost/benefit remediation plan
• Determine whether your approach and security strategies meet best practices
• Evaluate your current spending relative to the value of the assets protected
• Map current and emerging threats
How to Respond to Being Hacked
Cybersecurity is an ongoing problem that needs to be managed by everyone in the firm so when bad events happen, employees at all levels are better prepared to deal with them. Accounting firms need to:
• Create security incident response plans that consider both practices and legal issues
• Perform penetration testing and tabletop exercises
• Have a public relations plan in place and legal counsel on board before an incident ever occurs
How to Enable Effective Governance
Your accounting firm needs an effective governance structure that ensures that the firm, affected employees and vendors make an assessment that identifies current and emerging vulnerabilities to specific breaches. If you haven't done so already, you need to:
• Perform cybersecurity audits
• Develop strong, detailed policies – backed with ongoing workforce training and development – to ensure that employees understand threats and how their actions can help safeguard company assets
• Implement management processes for all third-party vendors and suppliers
• Make considerations for insurance coverage, structuring and implementation
• Create an effective cybersecurity governance structure and training for all levels in the firm
By taking this comprehensive approach, you'll keep yourself, your clients and your staff members as safe as possible. Future articles will delve deeper into the details and ensure you are well informed about cyber security.
Cyber Risk Management, Expert Witness & CEO
David X Martin, LLC