Charting a safe course through expanding cyber minefields

By Scott Koman and Mark Banks

The FBI announced in early April the breakup of a Russian scheme to insert “botnets” into routers and firewall software used by small businesses across the world, possibly giving the hackers access to data and ability to reconfigure devices.

In 2020, there was shocking news that a hacker penetrated a Florida water treatment plant and increased the chemical mix to dangerous levels before it was discovered in time to prevent injuries. The following year a hacker used a stolen username and password to get into a San Francisco Bay Area plant for a similar attack. Media reports of other attempted cyber-launched infrastructure intrusions, including ransomware, abound.

Alerts by federal authorities of potentially crippling cyber-attacks and data thefts by Chinese and Russian hackers have grown in recent years. In the wake of Russia’s invasion of Ukraine, its recent partnership with China, and both countries’ history of digital warfare, the threat level is at new highs.

Cyberattacks can take many forms and are growing increasingly sophisticated. From malicious links in emails and texts to password cracking software to phishing ploys involving messages and phone calls purporting to be from clients or bosses needing information, companies and organizations big and small may find themselves targeted.

Successful cyberattacks can lead to financial losses and the theft of sensitive information. Repairing damaged networks can be time-consuming and expensive. If hackers steal client information, the blow to a company’s reputation may be the costliest consequence.

While cyberattacks can occur anytime and to anyone, companies can take precautions to make themselves more resilient and minimize the damage should a successful penetration occur.

Staying safe

Having a strong cybersecurity posture is the best defense against cybercrimes. Especially with today’s distributed workforce, continuous monitoring, training, and communications are crucial to preventing and detecting cybercriminal activity.

The following are some critical cyber-safety steps:

• Continually evaluate and monitor your IT infrastructure: Ensure all software has the latest updates – this is especially important for antivirus and malware protection. Employ methods to spot and address unexpected or unusual network behavior.

• Harden entry points: Require multi-factor authentication for remote entry and make sure you have strong passwords system-wide. Designate what computer-related applications are approved, such as platforms for virtual meetings.

• Look at vendors and suppliers: Third-party vendors should have good controls in place. You must make sure the vendor’s system security is not putting your operations – and client or customer information- at risk.

• Have a crisis response team: Designate a team with main points of contact in case of a cybersecurity incident. If hackers penetrate your system, you will want a group that includes an attorney, a forensic accountant, and a cybersecurity expert. This team will work with upper-level management to quickly quantify the damage, preserve evidence, and take steps to prevent future attacks. Because litigation may result, having an attorney on the team ensures that as your business deals with the issue, all communications become “work product privilege,’’ and protected from discovery in a lawsuit.
• Resilience: Encrypting data, so it is unreadable if stolen; verifying backup procedures that are isolated from network connections; and testing manual controls to ensure critical functions continue should your network go down are among the crucial steps to ensure your company can continue operations despite a hack.
• Training: Guarding against cyberattacks is not a once-and-done affair — update employees about the latest threats and needed precautions.
• Evaluate your insurance policies: Don’t wait until a cyberattack to start reviewing your coverage. Many companies find their existing business coverage isn’t adequate if they face significant disruption. In the event of a hack, contact your carrier immediately – failing to make a prompt notification can result in a denied claim.

Many of the steps mentioned above are also applicable to home cybersecurity, such as using two-factor authentication, keeping software updated, using strong passwords, and caution when clicking links.

The Cybersecurity & Infrastructure Security Agency (www.cisa.gov) is a good resource for learning more about cyber intrusion protection and the latest threats.

Ensuring your precautions work – SOC audits

Once your security measures are in place, testing is essential to ensure the best chance of prevailing when contact with the cyber enemy occurs.

System and Organization Controls (SOC) audits rigorously test your company’s policies and procedures and point out any weaknesses. Audits look at physical security and whether policies and practices are adequate. Many companies initially undergo a SOC readiness assessment, which doesn’t do any testing, but instead looks at existing safeguards and procedures to see if they are adequate for the task.

SOC audits also show clients a company is serious about protecting information and, just as important, help companies improve internal controls. For more information about SOC audits and how Boyer & Ritter can help, click here

Now is the time to act

The time to take precautions and implement policies is before an attack occurs. The world isn’t getting any safer, and what you don’t know – or don’t prepare for – can hurt you and your company.

Boyer & Ritter can help you evaluate and understand your unique cybersecurity environment. If you have concerns regarding the safety and security of a third party with access to your information, our team can also help you address those concerns.

We look forward to helping position your business navigate through today’s ever-expanding cyber minefields.

About the authors: Scott A. Koman, CPA, CFE, MAFF and Mark W. Banks, CPA, CFE, MAFF are managers with Boyer & Ritter LLC, where they are members of the Advisory Services Team. Contact Scott skoman@cpabr.com or Mark at mbanks@cpabr.com.