Cyber risk is real. In today’s market, firms face more threats and a higher risk level than ever before. And the result? According to an IBM study, the average cost of a cyber breach in the United States is over $9.5 million.
Talk about an expensive line item.
And with 85% of firms stating their employees are their biggest cybersecurity risk, above third-party vendors and even hackers, it’s safe to say – the call is coming from inside the house.
So, what can you do to better protect your firm from potential cyber threats? In this blog, we’ll identify some of the key resources and tools to help your firm turn its employees from its biggest risk to its best defense.
Equipping your employees with the tools and resources to mitigate cyber risk
During a recent webinar, we polled the audience on what measures they are taking to secure data and protect their firm:
- Implement Multi-Factor Authentication (MFA) – 65%
- Utilize Virtual Desktops or VPNs – 9%
- Regular Employee Training – 11%
- Monitoring and testing – 5%
- Cyber Insurance – 2%
- Installing Anti-Malware – 2%
While every firm will have its own unique risk points, and will therefore, require its own unique cyber strategy, there are a few tactics we can all embrace to better protect against cyber attack and arm employees with the tools they need to tackle the world wide web.
- Educate and train your staff on cybersecurity best practices, including how to identify suspect emails and social engineering attacks. Consider training modules and simulations to test employee responsiveness.
- Stay updated with threat intelligence feeds to proactively detect and mitigate emerging threats and update training as appropriate.
- Incorporate cybersecurity training into onboarding practices to ensure all employees are knowledgeable of cybersecurity protocols from day one.
- Protect sensitive data by implementing “acceptable use” or limited access to devices based on job responsibilities, terminating access for former employees and limiting mobile device usage.
- Install appropriate software and programs (including antivirus and malware) on devices used to access client data. Make sure subscriptions are active, and all updates are automatically installed.
- Do not allow clients to provide wiring instructions via email. Confirm all transfers verbally and have each client provide a secret word.
- Do not store client information on your firm’s internal server. Instead, use secure, cloud storage providers including a cloud back-up service.
- Require your staff to use different, alphanumeric passwords to access each separate system. Never write down these passwords and require all passwords to be automatically updated every three months. Always require two-factor authentication for your staff to access all systems.
- Encourage all staff members to protect their personal information on social media networks, such as Facebook and LinkedIn, which can be exploited to enable attackers to answer your staff members’ personal security questions.
- Never email sensitive information to clients. Always utilize secure client portals or secure communications to deliver and request such information.
As cyber threats continue to advance, advisory firms will be tasked with keeping one step ahead of cyber-attack vectors, ensuring the firm and its clients remain secure.
Interested in learning more? Download The Ultimate Guide to Cybersecurity or schedule time to speak with a cyber compliance expert today!