The threat of cyber attacks is serious and has only grown more dangerous over time. The parties behind these attacks range from hackers and hacktivists to criminals and enemy nation-states. Before we explain how leaders in the financial sector can proactively respond to increasing cybersecurity threats, we want to share some recent stats on cyber attacks.
According to IBM’s 2021 Cost of a Data Breach Report, data breach costs rose from an average of $3.86 million to $4.24 million in 2021, the highest average total cost in the 17-year history of the report. The most common initial attack vector, compromised credentials, represented 20% of attacks at an average breach cost of $4.37 million. IBM’s study showed that automation and security artificial intelligence (AI), when fully deployed, provided the biggest cost mitigation of all security and prevention measures, saving companies $3.81 million per breach, on average. Organizations further along in their cloud modernization strategy contained breaches an average of 77 days faster than those in the early stage of their modernization journey. Clearly, it is imperative that sensitive information, especially financial information, be safeguarded from cyber attacks.
That's why the U.S. Small Business Administration offers the following best practices for cybersecurity.
Cybersecurity Best Practices
Train Your Employees
According to the U.S. Small Business Administration, employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices is a critical component of any cyber attack defense. The Department of Homeland Security offers training and other materials on subjects such as spotting a phishing email, avoiding suspicious downloads, creating strong passwords, and protecting sensitive customer and vendor information.
Use Antivirus Software and Keep it Updated
Each of your business's computers should be equipped with antivirus and antispyware software, and that software needs to be updated regularly. All software vendors regularly provide patches and updates to correct security problems and improve functionality, and you should configure all software to install updates automatically.
Secure Your Networks
Whether your workforce is in-office or remote, make sure all employees safeguard their Internet connection by using a firewall and encrypting information. Make sure Wi-Fi networks are secure and hidden, and password-protect access to any routers.
Use Multifactor Authentication
Multifactor authentication requires additional information (e.g., a security code sent to your phone) to log in. Make sure any vendors that handle sensitive financial data use multifactor authentication for your account.
Back Up Your Data
Regularly back up all data, including word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backups should happen automatically, if possible, and copies should be stored either offsite or in the cloud.
Choose Vendors That Will Keep Your Information Safe
The American Institute of Certified Public Accountants (AICPA) provides guidance to companies considering contracting with service organizations and created an objective evaluation tool to measure and independently verify the effectiveness of a service organization’s operations, compliance, and financial reporting controls. Companies can be assured that service organizations meeting the rigorous requirements for one of the AICPA’s Service Organization Control (SOC) reports have received independent verification that they can capably and safely manage sensitive financial and business data.
When considering a SaaS provider for your company’s financial and business data needs, you should always verify the provider’s SOC report status. If a service provider has undergone the rigorous audit process required to officially meet the requirements for the SOC designation, business leaders can be much more confident in the safety of their sensitive data.
DataServ has successfully met the requirements for the SOC1 report. Meeting the requirements for this report provides clients with independent verification of DataServ’s ability to manage and safeguard the financial and business information entrusted to them by clients.
To learn more about DataServ’s APIA solutions, as well as our cybersecurity measures, contact us today.