How can you erect cybersecurity defence on a small budget?
By the Association of International Certified Professional Accountants
You may not be a multi-billion dollar corporation but that doesn’t mean you are immune to one of the biggest risks currently threatening businesses: cybercrime. No matter your organisation’s size or revenue, preventing and mitigating cybersecurity fraud needs to be a top priority. From WannaCry to NotPetya, the last year has shown us that cyber criminals will exhaust every avenue to get a hold of an organisation’s assets, financial or intellectual. And the rise in cybercrime will only continue; according to the Ponemon Institute’s Cost of Cyber Crime report, the number of breaches in 2017 was up an average 27.4% from the previous year.
So where does this leave businesses, who have limited budgets and resources to protect their organisation? The good news is that you can still improve safeguards on your organisation without spending millions on new tech and infrastructure. This can be done by exploiting the resources and policies you already have at hand, as well as leveraging a few simple tools. Here are five simple ways to improve protection on a limited budget:
Prioritise what to protect
Even multi-billion dollar corporations can’t protect every company asset. They simply don’t have the means, nor the budget. For small and medium-sized businesses, this is even more critical. Decide which company assets are the most valuable and create a plan to protect them. As the primary users of company data, accounting and finance professionals have the greatest insights into where an organisation’s high-value data is stored, how it is secured and who has access to it. With expertise in risk management, accountants are also well-placed to guide businesses on ways to safeguard your company’s data.
Assess your organisation’s culture and policies around cyber-security
This may sound simple but end-users are often the weakest link, and emphasising the importance of good security hygiene goes a long way toward building a better cyber defence. For example, as stewards of their organisations, familiar with risk and control processes, accountants can play a key role in developing a company-wide culture that supports cybersecurity efforts. This includes leading and participating in the development of key policies such as data classification, incident response plans, data retention and acceptable use. They could also support you in rolling out training, risk assessments and cyber insurance choices.
Update your software
Software is updated for a reason. Companies like Microsoft or Apple are constantly releasing software updates, commonly referred to as patches, to cover vulnerabilities that could let hackers in. These patches should never be ignored. Unpatched vulnerabilities offer gaps into your system that hackers use to install malware and ransomware, or to just gain control of your systems. An example of software updates being ignored en masse is the ‘WannaCry’ attack last year, which is estimated by some to have possibly cost businesses large and small USD4 billion!
Implement a cybersecurity framework for your business
If it hasn’t happened yet, at some point your organisation will develop a relationship with a larger entity. This relationship may generate data, and this could offer hackers not only a way into your organisation but a step into your partner’s business. Before committing to a relationship, many larger organisations will want to understand the steps you are taking to mitigate and respond to cybersecurity risks (and buffer them in the process). The American Institute of Certified Public Accountants (AICPA) recently released a flexible cybersecurity framework to help your organisation communicate, externally and internally, about how your business is managing this risk. The framework has been created to allow businesses of all sizes to address cybersecurity in an agile way that suits their organisation and needs.
To learn more about how to help manage cybersecurity risk, visit this cybersecurity resource centre from the Association of International Certified Professional Accountants, the new global organisation launched by members of the AICPA and the Chartered Institute of Management Accountants (CIMA) last year. This article was contributed by Venkkat Ramanan, FCMA, CGMA, Regional VP Asia-Pacific, Association of International Certified Professional Accountants.