11 Nov 2019
Given the cyber misconduct reported for September alone, we need to plan and devise ways to protect our cyber privacy and not wait to be victimized. Not only is technical data being compromised, but cybercriminals have now found ways to use our human qualities – like our voice, fingerprints, etc. – to exploit us for monetary rewards. We can work with you to help mitigate exposure to cybercriminals.
The following is a rundown of what happened during the month of September 2019. We welcome your comments, insights and questions.
Tom’s Takeaway: While no business is immune from a ransomware attack, it is clear that cybercriminals have taken a significant interest in targeting municipalities and school districts. In a report by anti-virus vendor Emsisoft, 68 municipal entities and 62 school districts have reported successful ransomware attacks in the first nine months of 2019. While we have said this in prior issues of Cyber Roundup, the municipal sector needs to embrace and fund its cybersecurity initiatives as a component of public safety and to ensure a safe and effective educational environment. Until this shift in philosophy is seriously adopted, municipalities and school districts will continue to be victimized by cyber threats.
Tom’s Takeaway: When we work with compliance officers of financial institutions, we often stress how important it is that they understand the effectiveness of their cybersecurity program in mitigating their risks. All too often, compliance officers rely too heavily on their IT department to manage and monitor their cyber program with little oversight. Many smaller financial institutions rely on an IT managed service provider. While it goes without saying that they should rely on their IT department or managed service provider on a day-to-day basis, the compliance officer must also monitor and understand the effectiveness of that program. A key component of that monitoring is independent IT audits and cyber assessments that are communicated directly to the compliance officer.
Tom’s Takeaway: This may be a new tactic to transfer funds; however, the solution to the problem remains the same. Any fund transfer must have an out-of-band verification process to known numbers and individuals.
Tom’s Takeaway: While the tech companies clearly have a profit incentive to standardize the laws, I also believe that a single all-encompassing federal law is the best course of action. In a global economy with consumer data crossing state and country lines on a daily basis, it will be necessary to avoid the confusion and inequity that disparate laws may create.
Tom’s Takeaway: Many companies rely on a single robust data center to not only run their servers but also store their backups in the same location. While many of these data centers are built to drastically minimize the risk of going down and losing power, that is no guarantee. This incident further emphasizes the age-old adage of not putting all your eggs in one basket.
Source: PKF O'Connor Davies