Protect your company from a costly data breach

Written on Mar 22, 2018

By Molly Ryan Kowaleski, OSCPA content & community manager

However you get your news, you usually don’t have to look very long before you see the latest data breach or cyber-risk warning. Yet, many organizations remain unprotected and think such problems can’t happen to them.

Heather Maver, technology consultant at Warwick Communications Inc., along with Michael Johnson, data division manager and chief problem solver at Warwick, is telling these organizations (yet again) they are wrong and need to take steps to protect their consumers’ and internal data.

“Any company of any size – if they don’t have their own IT team, they’re going to have some of the same struggles,” Maver said. “We try to reach out to as many people as possible and everyone is aware the threat is out there, so fortunately they’re more open-minded to having those conversations.”

Maver and Johnson will be at the Northeast Spring CPE Conference on May 22 to provide resources for CPAs trying to get a handle on cybersecurity and prevent costly data breaches.

“The fact that we hear about data breaches all the time makes us almost numb to it,” she said. “There are a lot of smaller things that happen – it’s not just Target and Equifax. Smaller companies don’t think they have the same kinds of risks, but they do.”

The approach at Warwick Communications is to first understand an organization and its unique situation, including the challenges each business is facing. For example, during a data breach, a health care organization must work around HIPAA regulations, whereas a retailer might have a policy in place to contact stakeholders right away.

Maver and Johnson also provide tips for employees, because, as Maver said, “you can’t automate what every single person is going to do.” These tips include creating a strong, complex password and only changing it every so often.

“When a password is changed too often, people start dumbing it down to make it easier to remember,” she said, “but we’ve also had people who will use the same password for five years and that’s not secure either.”

She also recommends performing quarterly “health checks” to ensure updates and patches have been installed correctly and are being implemented the right way. The digital environment is constantly changing, so these tests are necessary to ensure the system is healthy.

“It’s a combination of having the right policies and software in place in conjunction with the human factor,” Maver said. “It’s about how you educate and keep employees engaged. And it’s also understanding there are resources out there so you don’t have to do it all by yourself.”

One of the biggest snags preventing companies from pursuing a full data security solution is the perceived cost, but Maver said it doesn’t have to be a huge investment. She said companies should think of it as more of an operational cost that will benefit the organization in the long term. She also reiterated that organizations of any size are targets.

“Just be aware it doesn’t matter what size company or what industry you’re in; any way they can get in, they’re going to try to get in.”

At the Northeast Spring CPE Conference, Maver and Johnson plan to highlight common threats, how to prevent security breaches and how to create a Backup Disaster Recovery Plan for when a data loss occurs. Spots are filling up fast – register today to save your seat!
