Technology helps push business forward. Yet, at the same time, it makes us—and our companies—vulnerable to cyberattacks and data breeches.
Many small business owners don’t think they’re targets for cyberfraud because of their size. On the contrary, hackers see small businesses as easy targets because they lack the resources, personnel, and/or budget to ensure proper safeguards.
And, because hackers go where the most valuable information is (i.e., financial and customer data), accounting and finance professionals are the most vulnerable to these threats. Therefore, it’s essential for those working in small businesses to fully understand cyberhygiene.
What Is Cyberhygiene?
Cyberhyiene means ensuring best practices are in place to properly safeguard your most valuable data. Implementing software that can track traffic, has antivirus capability, and/or can report on machine operations; hiring internal or external IT professionals trained in security basics to constantly survey the cybercrime landscape; and updating your cybercrime tactics can help protect your company.
Hackers use sophisticated tools to launch their attacks and prey on busy professionals who might not second-guess what they’re clicking on. Phishing scams that trick people into clicking a link containing malware and ransomware attacks that hold hostage company information after clicking an infected link are two popular cyberattack schemes.
Who Is Affected?
Small businesses must change their mind-set from “we’re too small to be noticed” to “is a cyberattack already happening to us?” Reputation damage, loss of customer trust, and the financial impact of a cyberattack are devastating for small businesses.
When a data breach occurs, the company’s reputation is damaged and its customers become less trusting. It’s the company’s responsibility to protect customer data. Therefore, accounting and finance professionals should take the lead in creating and implementing a risk-management strategy, such as the COSO Internal Control—Integrated Framework.
How Can Cyberattacks Be Prevented?
The combination of the amount of data and changes in how we collect, store, share, and access it makes us vulnerable. Social media is an increasingly important communications tool for many small businesses; however, they should be cautious as to what information they share and who has access to the accounts. Companies should establish an employee policy about social media etiquette to protect their data and brand.
Another cyberhygiene best practice at the employee-level is to regularly change passwords and to create a password using a combination of 10 characters that represent a phrase or set of items that you can relate to but have nothing to do with your personal or business life. For instance, you can use the first four digits of a previous zip code in combination with street names from that zip code in an order that you will remember.
Staying Ahead of the Game
Hackers have been scamming people for years, but as technology continues to evolve, so will hackers’ schemes. To stay one step ahead, continuously monitor the cyberthreat landscape, stay up-to-date on current trends in security, and close any knowledge gaps by taking advantage of education. Make yourself familiar with the various tools that monitor the landscape.
IMA and its Technology Solutions and Practices Committee work hard to bring education about cybersecurity to our members. In July, IMA will be launching a new webinar series called “Tech Talk Mondays,” which will feature technology professionals who ensure cyberhyiene in their companies. Stay tuned for more details.
Written by Linda Devonish-Mills
Cybersecurtiy: Time for Companies to Do More – IMA Pulse
Improving Data Quality: People, Process, Technology – Strategic Finance