Experts Share Their Top Recommendations for Protecting Your Company
Small and mid-size businesses are more vulnerable to hacking than large businesses, with nearly 60% of reported cases targeting such businesses. Over one-half of these attacks are due to employees, contractors, vendors, and others who have access to a business’s electronic systems.
Perhaps you are asking “Why are we still talking about this?” after years of hackings, ransomware attacks, and more making headlines. Unfortunately, COVID-19 caused an uptick due to the work-from-home environment, which, in turn, uncovered even more vulnerabilities for hackers to exploit.
PBO Advisory Group assembled a panel of experts for a webinar to discuss best practices for protecting your company from cyberattacks.
Panelist Grant Page, director of client success for centrexIT, told the story of a company with only 25 clients and 250 records that had to pay $120,000 to resolve its breach. He advised the attendees that there is no way to design a system that won’t fail against new attacks. Instead, businesses need to focus on resiliency.
With the price tag of an attack potentially devastating to most companies, our experts shared their top five security, finance, and insurance suggestions to help minimize your cyber exposure and costs.
Grant recommends developing a security-minded company culture with these five recommendations:
- Always have continually improved protection against viruses, spam, and malicious content in place
- Have strong access controls such as passphrases, MFA, VPN, MDM, and SSO
- Regularly train employees
- Have solid policies and procedures in place including a business continuity plan
- Conduct frequent backups, tests, and restores
PBO Advisory’s consulting CFO Scott Palka has seen a trend in increased payment theft. Last year, he witnessed four payment theft transactions totaling one million dollars. To avoid becoming yet another victim, Scott makes these five recommendations:
- Utilize multi-factor confirmations on customer ship-to and vendor payment instructions, especially when the instructions you have used in the past have been changed
- Use “templates” for EFT payments such as ACH and wire payments, and if an approved template is not being used, have additional mandatory approvals in place
- Be careful of payments made with Venmo, PayPal, Veem, and other such platforms
- Be cautious of customer billing portals
- Consider first sending a small transaction ($3 or less) to test the payment reliability
Cheryl Dunn Soto, an insurance recovery attorney with Frankin|Soto LLP, encourages all businesses to obtain cyber insurance. Nearly 70% of small and mid-sized businesses either don’t carry such insurance or are not sure if they have it, yet insurance is an excellent way to reduce the costs if you are hit with a cyberattack.
Her top five insurance recommendations are:
- Assess your cyber risks
- Do your homework and ask questions to ensure you are purchasing the proper policy for your specific risks
- Negotiate for coverage that the insurance company may not initially offer
- Understand and comply with the conditions of the coverage (such as required technology updates, staff training, etc.)
- Work with a cyber insurance broker who has specialized knowledge
For more important information and tips from these experts, a recording of the entire one-hour webinar is available here.
If PBO Advisory can assist you, please contact our consulting CFO, Scott Palka.