Is cyber security now the biggest risk to business?
As cyber crime continues to rise, Isabelle Bell finds out how CAs can be involved in the fight against the hackers.
In the wake of devastating cyber attacks on some of the biggest global businesses during 2015, one thing became abundantly clear: cyber security isn’t just an issue for IT departments anymore. Cyber crime is costing big brands like Samsung, JP Morgan and Vodafone millions of pounds – and affecting millions of customers in the process.
The threat of cyber terrorism is even causing some business leaders to hark back to a simpler technological era. Earlier this week, it was revealed that Sony Pictures CEO Michael Lynton now faxes sensitive messages, following a cyber attack in 2014 that led to his private emails and credit card details being published online.
The biggest threat in 2016?
But while it’s the cyber attacks on the major players that are making the headlines, just how much of a threat is cyber crime to the rest of the business world?
According to research by the Business Continuity Institute, the answer is ‘very’. It has recently named cyber crime as the biggest threat to business in 2016, ahead of the skills shortage and terrorist attacks.
It’s a finding echoed by Richard Pennycook, CEO of the Co-operative Group, who recently said in PwC’s 19th Annual Global CEO survey that: “One of the features of the 21st century and the digital revolution has been that the value of data has never been greater. But equally, that means the value of it to others who can defraud organisations, has never been greater.”
The role for CAs
With access to huge amounts of sensitive and valuable data from multiple clients, accountants have a key role to play in preventing cyber crime. Under the Data Protection Act, CAs could be fined up to £500,000 if they lose client data, or if the data is hacked.
“If firms don’t have proper system security measures in place, it could not only result in hefty fines and cause reputational damage, but it could even result in the business having to stop trading”, Mark Simpson, ICAS Infrastructure, Support and Security Systems Manager, said
From learning about cyber crime so firms can advise clients on information security, to creating a disaster recovery plan, there are a number of ways for CAs to be involved.
1. Keep an IT inventory
Keeping an up-to-date inventory of all of your hardware – including all devices and software – will make it easier to find and fix everything in the event of an attack. Your inventory should list all of your servers, remote mobile devices, laptops and workstations. It is also vital to determine if you have any software that isn’t authorised for business use or could be vulnerable to an attack.
2. Determine your sensitive and valuable data
Find out what sensitive and valuable information your firm holds about your business and your clients and make it the focus of your cyber protection plans. Sensitive data could include client details, financial information, intellectual property information or business plans, for example.
3. Take practical steps to prevent an attack
Prevent an attack by taking practical steps to improve your cyber security. Mark says that your cyber security checklist should include the following:
- Have you set up firewalls to protect your network computers from external attack?
- Are you protected by up to date antivirus software?
- Are you keeping the operating systems and key business applications updated?
- Are you encrypting your important data?
- Are you backing up your data?
- Do you have a Disaster Recovery Plan?