“I’m the CEO – my CFO and IT guys have it covered.” “I’m the CFO – my IT department takes care of that.” “I’m the CIO – it’s my responsibility and I have it covered.” Sound familiar?
That’s how many management teams at small to medium-sized businesses think, until the unthinkable happens. Unfortunately, the unthinkable is happening more frequently in the world we live in. If you haven’t guessed it yet, I am referring to the protection of your company’s and your clients’ electronic information and systems, which are vital to the ongoing success and survivability of a business.
Your business may be impacted sooner than you anticipate, as instances of cybertheft are increasing exponentially. Cyberthieves are growing in number due to the many recent publicized successes of data theft and the relatively easy access on the internet to the tools needed to execute cybercrimes. Keep in mind that these cyberthieves could include one of your current or former employees, a key competitor in your industry, a city-state hacker from any country around the world, or even an organized group of hackers. The motivation of each of these groups can vary, but the vast majority are looking to make easy money by stealing and selling your business information, holding that information ransom, or leveraging it to perpetrate further theft.
You may ask, “What can I do about it? I’ve done as much as possible.” If that’s your thought process, you probably should reconsider. As an analogy, you may recall hearing about the days when homeowners felt safe leaving their doors open all day and all night. Or you might be lucky enough to have experienced those relatively carefree days. Today, you would be considered foolish if you left your house doors open and didn’t expect someone to come in and take your valued possessions. So there’s a very real possibility that you are unknowingly “leaving the doors wide open” to your business information. In the same way that you lock your doors and maybe install a home alarm, there are certain precautions that you should take to reduce the risk of cybertheft by the growing number of cyberthieves.
- As a company owner, CEO, CFO or other non-IT senior business manager, you should meet with your CIO on a regular basis and take co-ownership of information security. Spend the time that is needed to gain an understanding of cybersecurity risks, and the potential solutions and costs associated with protecting your company’s and your clients’ critical information.
- As the CIO or head of the IT department, be sure to engage the company’s owners and non-IT senior managers to help them gain a better understanding of your current information security risks and the costs of mitigation. Consider implementing a “risk register” to sufficiently capture, assess and rank risks, and develop agreed-upon risk treatment plans.
- You may have spent significant dollars on the latest technology (firewalls, IPS/IDS, anti-malware, DLP, etc.), but all of that technology requires people to properly operate, maintain and monitor your systems. Every company is at risk if it doesn’t have a layer of manual controls over the technology environment to:
  - Monitor and respond to system alerts
  - Keep IT devices (servers, desktops, laptops, routers, firewalls, etc.) configured according to best practices
  - Keep user access to applications, data and IT assets restricted over time
  - Follow a formal process for testing and approving changes to system hardware or software
  - Monitor the system for vulnerabilities and respond to results of penetration testing
  - Make sure that software and data are backed up as intended by management, and periodically perform restore testing
Click here to view the article on the Business Ledger website.
FGMK is a leading professional services firm providing assurance, tax and advisory services to privately held businesses, global public companies, entrepreneurs, high-net-worth individuals and not-for-profit organizations. FGMK is among the largest accounting firms in Chicago and one of the top ranked accounting firms in the United States. For more than 40 years, FGMK has recommended strategies that give our clients a competitive edge. Our value proposition is to offer clients a hands-on operating model, with our most senior professionals actively involved in client service delivery.