Managing Partner Evelyn Ashley speaks this week at The Morison KSi North America Annual Conference in Boston, MA. Morison KSi is a global association of leading professional service firms, serving the cross-border accounting, auditing, tax and consulting needs of clients. Ashley will be presenting “Managing Cyber Risks: A Legal & Business Plan of Action.” Below is an excerpt of her presentation for best practices for managing cyber risks.
Educate and Train Everyone
It’s vital that the “C-Suite” team create a culture of privacy protection. In other words, it’s not just about protecting the client information, but also protecting the company information. Discuss and communicate with your team how data will be collected, used and disseminated. Educate and train your employees and contractors on proper data and technology protection procedures. Provide regular updates to everyone on phishing schemes, and viruses. It’s vital.
Invest in Technology
Simply said, old technology will make your network vulnerable. So be proactive and update your firewalls regularly as well as your computer passwords. In addition, network and hardware backups should be done at least daily; more frequently is even better. Beware that CPA and Law Firms are targeted for attacks because they are not always up-to-date technically and are very vulnerable.
Have a Data Security Policy
This is a document that is used as part of the training and education process. Don’t create one simply to have one and then put it away. Remember that it’s a living document. All employees should have access to it and it should be updated periodically. Also, have your IT department create friendly hack tests and vulnerability tests to your systems.
Information Storage Limitations
Eliminate data for which your business might not have a real need for.
Get Cyber Insurance
On average, a breach is between 15,000 – 20,000 records. Take in account the cost to correct a record at ~$40.00 per record and it will get very costly. It is well worth looking into and getting insured.