Have you ever wondered how long it takes an attacker to move into the rest of a network after getting into one computer on it? The average is 48 minutes, and some attacks have “broken out” in as little as 51 seconds. In that time, cyberattacks can do irreparable harm to victim companies and cost millions of dollars to rectify.
One of Oak Street Funding’s recent webinars focused on cybersecurity. In it, Cody Rivers, managing director at Reveal Risk, a cybersecurity and risk management consulting firm, discussed several cybersecurity considerations. His advice is that businesses, specifically wealth management, CPA and insurance agencies, should not only consider the cybersecurity of their own organization, but also look at the third-party vendors that they work with. He and Ben Phillips, director of IT and Risk Advisory at Katz Sapper & Miller, also discussed how cybersecurity impacts mergers and acquisitions (M&A).
Given the importance of protecting your agency and the prominence of attacks, you could say cybersecurity is now the sixth “C” of credit.
The number of cyberattacks occurring worldwide continues to grow. Attacks can expose sensitive customer information, hijack a company’s computer systems, lead to payment of fraudulent invoices to impostors, and harm a company’s public reputation and brand.
Maintaining cybersecurity is crucial to sustaining customer trust and protecting company assets. It’s also a requirement in many industries and professions. Just as a business must protect itself against fire with smoke detectors and sprinklers, it must defend itself against bad actors bent on infiltrating its computer systems.
Many firms recognize the importance of securing their own systems. What often goes unaddressed, however, are the risks of a cyberattack on or through a third-party vendor. What happens when their systems are compromised?
A perfect example is the July 2024 CrowdStrike-Microsoft outage that grounded flights and turned Windows computers around the world into doorstops overnight. The cybersecurity of any company that depends on software or data storage from another firm is only as good as the cybersecurity of that vendor.
While nothing can prevent all attacks on third parties from spreading downstream, these steps can lessen their impact:
Gone are the days when companies could hope to avoid cyberattacks by just directing employees to change passwords frequently. It’s vital that every firm, no matter its size, has a written cybersecurity plan that’s updated often. Ideally, there should be an IT (information technology) department, even if it is made up of only one person.
Some companies choose to hire cybersecurity firms to continually monitor their systems for signs of infiltration. While this approach can be cost-effective, it only outsources the responsibility for cybersecurity. The company itself, and a designated person within it, must maintain accountability for ensuring that systems are in place and the cybersecurity vendor is adequately doing its job, according to Rivers.
For some businesses, there are additional, legally mandated, cybersecurity requirements. Firms such as CPAs, registered investment advisors, and insurance agencies that offer financing all have access to sensitive financial data from their clients. The Federal Trade Commission (FTC) has issued specific rulings on how that data must be protected and how consumers must be notified of their data’s use.
Fortunately, the FTC Safeguards Rule is explained in plain language on the FTC website. It is vital that any firm maintaining access to client financial information abides by these safeguards.
Maintaining cybersecurity has never been more important than it is now. Businesses need to look out for their own vulnerabilities and plan for what to do if they, or any of their third-party vendors, are attacked.