This week, London banks tested their cyber security mettle in an event called cyber attack “war games.” The event was designed to stress test financial institutions’ ability to withstand the kind of cyber attacks that are affecting businesses around the world with increasing regularity.
Specifically, the cyber attack war games simulated how a large-scale attack could cut access to ATMs, prevent communication among banks, and otherwise debilitate normal operations. The test reinforces once again the sober reality of what cyber attacks can mean for all kinds of businesses, especially those in the financial services sector. As it turns out, England isn’t the only country that’s taken the threat seriously.
Just last month, Wall Street hosted a similar event, prompting Judd Gregg, CEO of The Securities Industry and Financial Markets Association, to say that “Cybersecurity is a top priority for the financial industry.” Wall Street’s simulated cyber attack games allowed finance professionals to experience the potential effects of system crashes and disrupted market trading to test their preparedness for dealing with real threats.
If you run a small accounting or finance firm, stories of these tests may leave you wondering: what is a cyber attack, and how do I prevent it? If my firm’s cybersecurity is compromised, what steps do I have to take? Read on to find out the answers to these questions and more.
Cyber Attacks: Steps to Prevent Them
There are several steps you can take to protect your accounting or financial firm from potentially catastrophic data breaches:
- Step 1: Never click links from suspicious emails. Ever gotten spam email from a trusted friend or relative? “Try these pills! I did and lost 80 pounds in a week!” they might say. In addition to potentially spreading a host of viruses, such emails can open the door to identity theft by cyber thieves. Your best bet in avoiding both viruses and data breaches for your financial firm is simply ignoring suspicious emails. Don’t get drawn in by even the most legitimate-looking offers – if you don’t know who sent the email, don’t open it. The last thing you want is to expose your clients’ valuable information to hackers. And even if you know the sender, don’t click on links willy-nilly – viruses often spread by automatically emailing malicious links to every address in an infected person’s contact list.
- Step 2: Maintain complex passwords. Computer hackers are adept at cracking simple passwords. If your password is a word that can be found in the dictionary, it can be cracked within minutes. Protect your financial information and identity by using a mixture of uppercase and lowercase letters, along with numbers and special characters. It’ll be a pain at first, but the stronger and more confusing your password is, the more you reduce your firm’s risk of being the victim of a data breach.
- Step 3: Trust no one – even over the phone. Don’t ever provide sensitive information over the phone, and definitely don’t include it in emails or online chat sessions. Con artists vary in their skill level. An email from a Nigerian prince claiming you’ve inherited thousands of dollars is more obvious than someone from your “cell phone carrier” calling to update your personal information for a switch to a new cloud-based server. If you weren’t expecting a call, don’t give out information that can jeopardize your business. Play it safe – get their information and call them on your time.
Because you’re dealing with sensitive client information, you need to carry Cyber Liability Insurance. By carrying this policy, you’re protected from taking on the expenses associated with a cyber attack: damage control, potential lawsuits, and cyber extortion reimbursement, to name a few.
Security Breach Notification Laws for Accountants and Financial Firms
If your firm is attacked and you have to deal with the fallout of a security breach, there are certain laws that require you to notify your clients as soon as you’re aware the attack occurred. While this may seem daunting, it’s important that your clients be aware of the risks they face when their financial information is in the hands of thieves who can use it to steal their identity, pillage their bank account, and more.
Take a look at the NCSL State Security Breach Notification Laws, a comprehensive guide to data breach notification laws by state. Interestingly enough, if your accounting or financial firm is located in Alabama, New Mexico, Kentucky, or South Dakota, there are no notification laws. That doesn’t mean you’re in the clear, though.
Take a look at a recent insureon blog titled “4 Reasons Your Business Should Have Cyber Liability Insurance” for more information on the risks you face and how you can prevent those risks from costing your company big time.