Growing Cyber Risks Facing Financial Institutions

Businesses of all sizes and across industries face many challenges. In recent years, they have faced a global pandemic, natural disasters that include massive wildfires and hurricanes, rising costs of benefits, rising interest rates and workforce shortages. We know these challenges because national news outlets report on them daily. One area of concern for businesses is not on this list: cyber risk.

According to Travelers Insurance, cyber risk has remained a top concern for businesses for over nine years. While 90% of businesses report they are confident they have implemented cyber best practices, at least 25% of businesses are not even implementing the most basic cybersecurity practices such as firewalls, end-point protection (virus protection), data backup and password updates! Read that sentence again – and let the numbers really sink in for a minute.

A recent conversation with a client provides some insight into these numbers. Our client felt confident their cybersecurity posture had improved because they moved “everything to the cloud” and no longer had on-site servers running applications and storing data. This client then reviewed the SOC 2 report from one of their cloud providers and went through all the shared responsibilities they had to meet to secure their data as a cloud consumer. This prompted our conversation because they now knew they needed help. Moving to the cloud doesn’t mean your business no longer needs firewalls, end-point protection, data backups and password updates.

For businesses in the financial services industry, two things are in order. First, ensure you have the appropriate cybersecurity program that addresses the administrative, technical and physical controls necessary to protect your clients’ information. You should also have your cybersecurity program and controls independently reviewed to clearly understand your program’s maturity and to help ensure you’re not missing something. A business may have multifactor authentication, but is it appropriately configured to prevent threat actors from bypassing it? Second, the businesses you lend to or invest in should also have their cybersecurity program properly. Don’t rely solely on self-reporting; require independent assessments of their controls as well. Remember, 90% of businesses reported they were confident in their cyber programs, yet 25% of those same businesses were not even doing the most essential items.

Withum is here to help you ensure you have the right cybersecurity program based on your organization’s size, complexity and regulatory obligations. Cybersecurity is not “one-size-fits-all,” even though many basic practices should be in place at all businesses. Withum can assess your program and make suitable recommendations that align with your overall strategy.

Author: Julie Tracy, Executive Cybersecurity Advisor
