How to Avoid a Cyber Attack

Tony Grahn
Written on November 27, 2018

Joanna Belbey, Contributor for Advisor Network, provides an excellent, potent set of “Best Practices” for avoiding cyber-attacks. If businesses and individuals focused on these practices, they’d be much safer and more secure!

Here are some brief observations on her 5 main “Best Practices”:

Governance

Boards, business owners, and other key employees must “buy in” to the threat that cyber issues present. In addition, they must understand the need for better cybersecurity, so identifying all of the risks associated with it is imperative. Some firms do this by hiring a new Board member or I.T. expert who is gifted in this area. That person often “leads the charge.”

Risk Assessment

Identifying issues is the first of four common risk management steps. It’s called risk assessment. However, risks should not be identified just once, but on an ongoing basis. Because your way of doing business and your exposure to threats keep changing, you need to assess your risks routinely. Collaborating with other similar types of firms, and even with your vendors, can be helpful. Finding and utilizing cyber-attack “watchdog” firms and monitoring sites can be beneficial as well.

Cyber Security Training

Your employees are your biggest threat to your cybersecurity. Just like the key to your front and back door, they have access to a lot of information. This information can include your client list, emails, your website, your passwords, and more. You should provide them with training that is practical, relevant, engaging, interactive, and uncomplicated! It should also be provided on a regular basis. Employees should be required to change their passwords routinely and to report any suspicious activity.

Access Management

You should routinely go over who has access rights to your data, systems, and facilities. Just as important is following procedures for terminating access rights. Be sure the access rights granted are consistent with your firm’s policy. If your firm allows for it, take care to implement a two-factor authentication step anywhere you can. This includes personal email and the major social media outlets.

Vendor Management

It’s important to establish a policy on vendor selection and oversight, and to vet and assess the risk from vendors. Setting standards that your vendors must meet is imperative. Due diligence in planning, selection, negotiation, the ongoing relationship, and termination all play a vital part in proper vendor management.