Every business owner is concerned about cybersecurity threats.
But are you doing enough preventive maintenance to stop a breach before it happens?
Performing a cybersecurity risk assessment shows business owners how well protected their network is against cybersecurity risks and what they can do to improve. In this episode of “Unique Perspectives – The DGC Podcast,” our guest is Donny Butler, CPA, a Principal in DGC’s IT Risk Assurance & Advisory services group. Donny discusses what a cybersecurity risk assessment entails and what cyber professionals are looking for during the process. He says a cybersecurity risk assessment should be treated like an oil change for your business.
“It should not be an elective procedure,” Donny said. “This is a way for non-IT professionals to understand where their network security stands while finding out if they are currently at risk and what they need to do going forward. It also provides them with an executive summary that outlines how secure their business is currently and what the highest-risk areas are, as well as a maturity model that will show them how they compare based on industry standards.”
A cybersecurity risk assessment can be broken down into three parts: a policy and document review, interviews with key individuals in the organization, and a technical vulnerability scan. The policy and document review checks that the business has the documentation in place to meet the federal and state requirements that apply to it. In the interviews, DGC meets with business owners, C-level executives, and the IT staff responsible for network security to discuss the organization’s cybersecurity risk management program and to identify any immediate gaps in security that need to be corrected. If the organization has not adopted a cybersecurity risk management framework, DGC can recommend one. Finally, the technical vulnerability scan may be the easiest step in the process, and it is often the most effective.
“Everyone should be doing this,” Donny said about technical vulnerability scans. “This is a quick process. It will tell you if there is any known malware or other network issues that need to be corrected right away. It will also outline how many IP addresses you have, what operating systems you are running, and when each IP address was last patched, while also keeping you up to date with current threats to stay one step ahead of cybercriminals.”
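As an added illustration (not DGC’s own tooling, and not code from the podcast), the script below turns raw scan output into the kind of inventory the interview describes: how many live hosts were found, which operating systems they run, and which hosts need attention right away. It assumes the scanner writes nmap-style XML, and it reads a constructed two-host sample embedded in the file so it runs offline. The end-of-life OS markers and the list of services flagged as risky are assumed review policy, not something the page specifies.

```python
"""Summarize a port/vulnerability scan into an executive inventory.

Added example, not DGC's tooling. Assumes nmap -oX style XML input and
uses a constructed sample so it runs offline.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in nmap's XML layout (not a real scan result).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="96"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2008 R2" accuracy="91"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.13" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumed review policy (hypothetical, not from the page): cleartext or
# file-sharing services that should not be reachable across the network,
# and OS families that are out of vendor support and so cannot be patched.
RISKY_SERVICES = {"telnet", "ftp", "microsoft-ds", "ms-sql-s"}
EOL_OS_MARKERS = ("Windows Server 2008", "Windows 7", "Windows XP", "Linux 2.")


def parse_scan(xml_text):
    """Return one dict per live host: ip, best OS guess, open services."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # only live hosts count toward the inventory
        addr = h.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        services = []
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not exposure
            svc = p.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            services.append((int(p.get("portid")), p.get("protocol"), name))
        # nmap lists osmatch entries best-first; keep the top guess, if any
        match = h.find("os/osmatch")
        os_name = match.get("name") if match is not None else None
        hosts.append({"ip": ip, "os": os_name, "services": services})
    return hosts


def findings(host):
    """Items that need correcting right away, per the assumed policy."""
    issues = []
    if host["os"] is None:
        issues.append("OS not identified; confirm ownership and patch level manually")
    elif any(marker in host["os"] for marker in EOL_OS_MARKERS):
        issues.append(f"end-of-life OS ({host['os']}) can no longer be patched")
    for port, proto, name in host["services"]:
        if name in RISKY_SERVICES:
            issues.append(f"{name} exposed on {proto}/{port}")
    return issues


def executive_summary(hosts):
    """The non-IT reader's view: counts, OS breakdown, hosts needing action."""
    return {
        "live_hosts": len(hosts),
        "os_breakdown": dict(Counter(h["os"] or "unknown" for h in hosts)),
        "hosts_needing_action": {h["ip"]: findings(h) for h in hosts if findings(h)},
    }


if __name__ == "__main__":
    summary = executive_summary(parse_scan(SAMPLE_XML))
    print(f"Live hosts: {summary['live_hosts']}")
    for os_name, count in summary["os_breakdown"].items():
        print(f"  {count} x {os_name}")
    for ip, issues in summary["hosts_needing_action"].items():
        print(f"{ip}:")
        for issue in issues:
            print(f"  - {issue}")
```

On the constructed sample, the Linux host comes back clean, the downed host is excluded, and the Windows Server 2008 R2 host is flagged three times: an operating system that can no longer receive patches, Telnet on tcp/23, and SMB (microsoft-ds) on tcp/445. Extending the policy lists, or pointing `parse_scan` at a real `nmap -oX` file, is all that changes for a live engagement.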
There is also an optional component of a cybersecurity risk assessment: social engineering. Business owners can have DGC’s cybersecurity team find out how prepared their employees are to handle threats by simulating how attackers attempt a breach. Tactics like mock phishing emails and mock vendor phone calls are used to try to get information out of employees, testing their awareness.
“You could have the most secure network on the planet, but if your employees are not properly trained, the whole system could crumble,” Donny said.
How prepared is your business to prevent, assess, and address cybersecurity threats? DGC’s IT Risk Assurance & Advisory services team can help business owners guard against the unexpected with a cybersecurity risk assessment that produces useful data and proactive next steps. Contact a member of your DGC client service team or Donny Butler, CPA, at 781-937-5137.