In an electronic age, it’s not uncommon to hear of large businesses being hacked and their customers’ information stolen. But could it happen to your business? Any firm, even a small one, should take this question seriously.

 

Employers need to make sure they’re prepared to comply with changes in the law, and that their employees, too, are aware of how the law affects them. “Employers should remember such legally required communications as a notice that explains to new hires how to use a public health exchange, including relevant information about tax credits and subsidies,” Reynolds reports.

 

The reasons for having a security plan on paper, and then carrying it out with technology, seem obvious but are worth repeating: you need to comply with regulations related to cybersecurity, of course, but you also need to protect your customers, and your business itself, from the threat of financial hacking and phishing schemes.

 

Megan Leonhardt writes on wealthmanagement.com that a study by the North American Securities Administrators Association “found only 4 percent of small to mid-sized RIA firms have experienced a cybersecurity attack,” and an even smaller number – 1.1 percent – had experienced theft or something related. However, that survey relied on a small sample size (440 firms) and immediately drew the attention of IT and cybersecurity experts who believe many small or mid-size firms don’t know whether they’ve been attacked at all because they have no means to tell.

 

“Smaller firms often don’t have IT staffs and may not even be aware of threats on their systems,” Leonhardt writes. “More concerning is almost one in four firms in the study don’t have policies or procedures in place to deal with cyber breaches, according to the survey results.” Or, even if they have a plan on paper, they don’t have technology backing it up.

 

So what can you do to address cybersecurity? Start with a security assessment, Leslie Kramer writes on investopedia.com, and then start making adjustments. “Changes being made include the setting up of new verification codes for business functions such as money requests, the initiating of newer, safer passwords, and the implementation of a ban on placing client data on laptops,” Kramer writes. “Many financial advisors are also putting in place cybersecurity audits to help ensure that their company information, as well as their clients’ information, is well protected from criminals lurking online.”

 

You’ll also want to look into cybersecurity insurance because the cost of an attack could cripple your business. “Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer,” Lucian Constantin writes on CIO.com, adding that companies should evaluate their needs and key risks when shopping for a policy. “Before you buy, investigate what risks are covered by existing insurance packages, because there may be overlaps with a cyber-insurance policy,” he writes. “Ideally cybersecurity insurance should encourage companies to improve security so they can negotiate lower premiums.”