Cybersecurity: The Sixth C of Credit




Have you ever wondered how long it takes a cyberattack to spread through a network after getting into one computer on it? The average is 48 minutes, and some attacks have “broken out” in as little as 51 seconds. In that time, cyberattacks can do irreparable harm to victim companies and cost millions of dollars to rectify.

One of Oak Street Funding’s recent webinars focused on cybersecurity. In it, Cody Rivers, managing director at Reveal Risk, a cybersecurity and risk management consulting firm, discussed several cybersecurity considerations. His advice is that businesses, specifically wealth management, CPA and insurance agencies, should not only consider the cybersecurity of their own organization, but also look at the third-party vendors that they work with. He and Ben Phillips, director of IT and Risk Advisory at Katz Sapper & Miller, also examined how cybersecurity impacts mergers and acquisitions (M&A).

Given the importance of protecting your agency and the prominence of attacks, you could say cybersecurity is now the sixth “C” of credit.

 

Why is cybersecurity important?

The number of cyberattacks occurring worldwide continues to grow. Attacks can expose sensitive customer information, hijack a company’s computer systems, lead to payment of fraudulent invoices to false actors, and harm a company’s public reputation and brand.

Maintaining cybersecurity is crucial to sustaining customer trust and protecting company assets. It’s also a requirement in many industries and professions. Just as a business must protect itself against fire with smoke detectors and sprinklers, it must defend itself against bad actors bent on infiltrating its computer systems.

 

Risks from third-party vendors

Many firms recognize the importance of securing their own systems. What often goes unaddressed, however, are the risks of a cyberattack on or through a third-party vendor. What happens when their systems are compromised?

A perfect example is the July 2024 CrowdStrike-Microsoft outage that grounded flights and turned Windows computers around the world into doorstops overnight. The cybersecurity of any company that depends on software or data storage from another firm is only as good as the cybersecurity of that vendor.

 


How can a company mitigate the effects of third-party attacks?

While nothing can prevent all attacks on third parties from spreading downstream, these steps can lessen their impact:

    • Vet a vendor’s cybersecurity plans – Before entrusting a company’s data and/or systems to a third-party vendor, it’s crucial to carry out an assessment of how those assets will be secured.
    • Confirm adequate cybersecurity insurance – Not only should a company have its own coverage, it should also confirm that its third-party vendors have adequate insurance to cover client losses due to information breaches or attack-caused downtime.
    • Redundant systems and storage – Companies should spread out their risk and increase their recovery options by using multiple cloud storage sites and physical backups whenever possible.
    • Recovery systems – Having a regularly updated company policy for dealing with cybersecurity incidents is a must. A specific person should be appointed to lead the effort.

 

Internal cybersecurity measures

Gone are the days when companies could hope to avoid cyberattacks by just directing employees to change passwords frequently. It’s vital that every firm, no matter its size, has a written cybersecurity plan that’s updated often. Ideally, there should be an IT (information technology) department, even if it is made up of only one person.

Some companies choose to hire cybersecurity firms to continually monitor their systems for signs of infiltration. While this approach can be cost-effective, it only outsources the responsibility for cybersecurity. The company itself, and a designated person within it, must maintain accountability for ensuring that systems are in place and the cybersecurity vendor is adequately doing its job, according to Rivers.

 

Special requirements for handling financial data

For some businesses, there are additional, legally mandated, cybersecurity requirements. Firms such as CPAs, registered investment advisors, and insurance agencies that offer financing all have access to sensitive financial data from their clients. The Federal Trade Commission (FTC) has issued specific rulings on how that data must be protected and how consumers must be notified of their data’s use.

Fortunately, the FTC Safeguards Rule is explained in plain language on the FTC website. It is vital that any firm maintaining access to client financial information abides by these safeguards.

 

Summary

Maintaining cybersecurity has never been more important than it is now. Businesses need to look out for their own vulnerabilities and plan for what to do if they, or any of their third-party vendors, are attacked.



Disclaimer: Please note, Oak Street Funding does not provide legal or tax advice. This blog is for informational purposes only. It is not a statement of fact or recommendation, does not constitute an offer for a loan, professional or legal or tax advice or legal opinion and should not be used as a substitute for obtaining valuation services or professional, legal or tax advice.