Chief Executive Officer
16 Dec 2019
Although October was designated by the U.S. Department of Homeland Security as National Cybersecurity Awareness Month, that didn’t stop any of the cybercriminals last month from doing what they do best – key logging, ransoming, hacking, phishing, etc. Just maybe ‒ because you are becoming more and more knowledgeable about the vulnerabilities of the internet ‒ you were able to recognize the possibilities and keep them away from your data using the “best defense is a good offense” approach. Call on us. We can help you.
The following is a rundown of what happened during the month of October 2019. We welcome your comments, insights and questions.
Tom’s Takeaway: Healthcare entities have a tremendous responsibility, be it socially, morally, and, in today’s world, electronically. They have to shoulder the burden of ensuring our health and, equally as important, our privacy. Healthcare entities need to adapt and recognize that in order to provide patient care, they must also develop information and cybersecurity strategies to protect the very sensitive information with which they are entrusted. Cybersecurity needs to be viewed not as a business expense, but as a necessary component of patient care. We work with many healthcare-related entities. If you need assistance, we are only a phone call or e-mail away.
Tom’s Takeaway: In the course of helping clients manage their cyber risk, we interact with many IT-managed service providers. Like any business, some are great, some are OK, and some are concerning. What I often find is that the majority of small to midsize market customers don’t perform adequate due diligence on the security of the providers they are trusting to manage their systems and networks. This creates a high-risk blind spot. If you are using an IT-managed service provider, you should have ‒ and they should welcome ‒ an open and transparent conversation about their cybersecurity program and how they have designed their management approach to minimize the risk of their central management to your business. When we perform assessments for clients, this is one of the areas we advise them to allow us to explore on their behalf.
Tom’s Takeaway: Physical security is often overlooked as being critical in the security of digital information. We educate our clients that physical security is the basis on which all other logical controls are built. As you do your risk assessments, I encourage you to account for the physical aspect. Are key systems restricted to authorized personnel? Are monitors positioned away from public view? Is physical entry logged and monitored? These are some of the significant questions to consider.
Tom’s Takeaway: The market for stolen credentials extends much more broadly than just the Fortune 500 companies. Credentials are compromised and sold for businesses of all sizes, including individuals. With the credentials in hand, the attackers will leverage that information knowing that people have a tendency to use the same password or a close variation thereof across sites. To help protect our clients, we offer a Dark Web monitoring service that will continually attempt to locate these compromised credentials and notify the customer of what accounts have been identified. This helps create invaluable situational awareness of the exposure of the company on the Dark Web and ensures a proactive response. If you would like a complimentary Dark Web check for your business e-mail domain, please contact me directly.
Source: PKF O'Connor Davies
For more information on how our services can help your business, get in touch.