The average cost of a data breach has risen to a record high, according to a new study by the independent research firm Ponemon Institute. The study found that the global average cost grew from $4.24 million per incident in 2021 to $4.35 million in 2022, an increase of roughly 2.6%. Moreover, the global average cost has increased 12.7% compared to the 2020 average of $3.86 million. These trends are alarming. What’s your organization doing to fortify its defenses against cyberattacks?
BEST PRACTICES

Cyber data — including financial records, sensitive customer information, and employee files stored on the cloud or the company’s technology devices and networks — is one of many organizations’ most valuable assets. Each year, management should evaluate what’s being done to protect these intangibles, where vulnerabilities exist, and how to make the assets more secure. Here are some cybersecurity best practices to consider.
Vet your vendors. Hacks are often perpetrated through the victim’s small or midsize vendors. That’s because smaller companies often lack the resources to put strong security measures in place — and hackers are ready, willing, and able to take advantage. Some companies limit outside access to their computer networks, refusing supplier and customer requests to share data. Others require vendors to verify their network security protocols. Some companies are establishing cybersecurity ratings — similar to credit scores — based on the amount of traffic to a company’s website from servers linked to cybercrime. As those ratings become more refined, managers may choose to avoid doing business with high-risk customers and suppliers.
Limit access. Companies often have more devices connected to the internet than management realizes. Moreover, when employees take devices out of the office or work from home, they expose data to less-than-secure home networks and public hotspots that provide wireless internet access. Evaluate which devices need to be connected to the internet and take steps to minimize off-site risks. Consider limiting which employees can work from home, educating employees about the risks of cyber breaches, and installing encryption software on devices that link to external networks. Encryption may create compatibility issues when sharing data with other companies and slow down data transmission. But it can be a powerful and cost-effective tool in the battle against cybercrime.
Adopt a continuous-improvement mindset. Protecting against cyber threats is an ongoing challenge, not a one-time event. Every time a software, hardware, or application manufacturer releases an update or patch, install it immediately and systematically on every device. Why? Hackers constantly troll for the latest patches and updates because they show where vulnerabilities exist. If hackers are nimble, they can exploit these vulnerabilities to steal data before customers have a chance to install the fix. Another helpful prevention strategy is requiring periodic changes to log-in passwords. Hacked passwords can cause a domino effect because people use the same password for multiple accounts. Some companies also use a security question or require users to authenticate their identity using a smartphone as another layer of verification.
Cover your assets. Another popular security measure is cyber liability insurance. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident. Cyber liability insurance can cover various risks, depending on the scope of the policy. It typically protects against liability or losses from unauthorized access to your company’s electronic data and software. Instead of purchasing a standalone cyber liability policy, you might be able to add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the endorsement isn’t as extensive as the coverage in a standalone policy.
Seek outside help. Cybersecurity is an important task that few organizations can handle exclusively in-house. Consider seeking external resources to reinforce your current information technology (IT) policies and procedures. For example, a growing number of small and midsize companies use outside computer security companies to evaluate vulnerabilities in their networks and test how well in-house IT professionals are securing their networks. Risk assessment is also an important part of year-end audit procedures. Accountants are familiar with ways to identify and reduce cyberrisks. Failure to protect valuable intangibles against the risk of cyberattacks can turn these valuable assets into costly liabilities.
NEXT STEPS

If your company’s current cybersecurity strategy is limited to firewalls, antivirus or anti-malware software, ad blockers and other measures put in place to spot the tell-tale signs of a security breach, there’s a good chance that you already have a reactive cybersecurity strategy in place. However, you need a combination of proactive and reactive measures to actively prevent data breaches and mitigate cyberthreats. For more cybersecurity solutions, including cloud security services, contact Jarrett Meiers, Director of IT.
Reynolds + Rowella is a regional accounting and consulting firm known for a team approach to financial problem solving. As Certified Public Accountants, our partners foster a personal touch with our clients. As members of DFK International/USA, an association of accountants and advisors, our professional network is international, yet many of our clients have known us for years through the local communities we serve. Our mission is to operate as a financial services firm of outstanding quality. Our efforts are directed at serving our clients in the most efficient and responsive manner possible, delivering services that exceed the expectations of those we serve. The firm has offices at 90 Grove St., Ridgefield, Conn., and 51 Locust Ave., New Canaan, Conn. For more information, please contact Elizabeth Bresnan at 203.438.0161 or email.