Column: Five Ways to Protect Against a Cyber Attack
By Jennifer Openshaw
It’s now a daily occurrence. Read the headlines over your cup of java and there’s sure to be one on the latest cyber attack.
Isn’t it shocking that even the U.S. government, with its layers of bureaucracy and “state-of-the-art” defense systems, can fall victim to an attack on the data of 4 million workers?
In some ways, to me, it’s actually no surprise. As one who’s been close to technology since my days in Silicon Valley, I don’t see the issue going away anytime soon. Even Apple is paying heed to security with its new iOS9, adding two-factor authentication for your ID and stronger encryption to ward off hackers.
The impact of a successful cyber attack can be huge. The average cost runs to about $20 million for financial services firms, $14.5 million for those in the tech sector, $12.7 million in communications, and $8.6 million in retail. Deloitte says the cost to financial firms is the highest among all sectors!
But what if it’s your data under attack, or your firm? What can you do to protect your data and reputation?
In my new book on compliant social media for the financial industry, I talk to CEOs, CMOs, wealth management leaders and advisors about navigating the new world proactively and easily. Here are five key areas to consider if you haven’t already:
Do the basics. Lock and encrypt computers, use anti-virus software, and use a password manager. Be sure to control access to that password manager, typically limiting it to two people.
Train employees. Train them on social media, data security protocols, using personal devices, and reporting incidents. Don’t forget that vendors and employees may pose risks, even if unintentional ones.
For example: Social media for content sharing isn’t dangerous from a cyber crime perspective. But just as we need to watch those fraudulent emails, so we need to watch for the alluring follower on Twitter—the “fakie” who posts a link that reads “check this out!” only to infect your or your employees’ devices and possibly your firm’s networks.
Conduct a mock cyber attack. Smart firms are taking action now, simulating both attacks and responses to them. Train employees to conduct simulations of a data or social media breach: What would they do if malicious activity is detected? Who would they report it to? Among the key steps are to change passwords, notify key stakeholders, access or make backups of data, and contact your insurance firm if you have cyber insurance.
Create a customer feedback loop. It’s surprising how many financial firms do not have an easy way for customers to communicate online about some issue or breach. Consider a message in statements or online directing consumers to alert leaders to possible cyber security threats.
Protect publishing platforms. Web publishing is a straightforward process. The key is in the tools you use to post content. For example, if you use WordPress, secure that platform to better protect yourself and prevent the uploading of files that could infect your site or your visitors. Never allow others to upload files without first scanning them for potential risks.
It’s a new world out there. One thing going for you is that you can take action more quickly than the U.S. government can.
Jennifer Openshaw, author of The Socially Savvy Advisor, is a nationally known financial leader, consumer advocate and Dow Jones’ MarketWatch columnist. She can be reached at firstname.lastname@example.org.