On a budget? How to protect data from costly cyber attacks
26 October 2018
Andrew Harding, chief executive of CIMA, takes a look at how companies can protect data on a budget.
For most of us, the threat of a cyber attack seems far off, an issue for huge multi-nationals or large government organisations. But that really is not the case – online fraud is rising as hackers seek vulnerable targets.
You wouldn’t leave your home unlocked when you go out. And I’m sure your workplace is secured and the burglar alarm set at the end of the working day. It is just as important to ensure your data is kept under virtual lock and key.
We’ve all heard of big global cyber attacks like WannaCry and NotPetya. And last year saw Malaysia’s darkest data breach to date, with more than 46 million mobile subscribers’ data stolen and leaked to the dark web.
But did you know there were 2.9 million recorded malware hits from botnets, 1.2 million spam emails – with some containing code to infect computers – and 8,000 targeted security incidents in 2017? Undoubtedly, smaller organisations are vulnerable.
In fact, online security firm Symantec reports that 43 per cent of cyber-attacks target them.
Breaches in cyber security are costly. A recent study shows the average cost is around $3.6 million per breach. But that's just the immediate financial impact. A breach can also harm a company through loss of trust and long-term reputation – issues likely to affect your brand and revenue.
So how do SMEs, which have limited budgets and resources, protect themselves? Here are some top tips to improve protection on a budget.
Decide which company assets are the most valuable and create a plan to protect them. As the primary users of company data, accounting and finance professionals have the greatest insights into where an organisation’s high-value data is stored and who has access.
With expertise in risk management, accountants are also well-placed to guide businesses on ways to look after that data.
Review your culture and policies
As stewards of their organisations, familiar with risk and control processes, accountants can play a key role in developing a company-wide culture that supports cyber security by leading and participating in the development of key policies such as data classification, incident response plans, data retention and acceptable use.
Tech companies like Microsoft or Apple are constantly releasing software updates, commonly referred to as patches, to cover vulnerabilities that could let hackers in.
Don’t ignore these. Unpatched vulnerabilities allow hackers to install malware and ransomware, or even gain control.
If hackers get in, ensure everything they see is indecipherable. Encrypt all hard drives, databases and data in transit by using up-to-date algorithms.
Use a cyber security framework
This is really important for you, your customers and your partner organisations. When your organisation develops a relationship with another, data is usually generated.
If this data isn’t secured, it could offer hackers a way into your organisation and your partner’s business. In fact, before committing to a relationship, many larger organisations will want to understand how you mitigate and respond to cybersecurity risk (and protect them in the process).
Look further afield for inspiration as well. The American Institute of Certified Public Accountants (AICPA) has a handy cybersecurity framework to help you communicate, externally and internally, about how your business is managing this risk.
The framework has been created to allow businesses of all sizes to address cybersecurity in an agile way that suits their organisation and needs.
Taking a realistic and responsible approach to cybersecurity is key to a business's sustainable success. To learn more, visit the cybersecurity resource centre from the Association of International Certified Professional Accountants.
Andrew Harding is chief executive of the Chartered Institute of Management Accountants.