Businesses must face the reality of cyberattacks and continue fighting back

With each passing year, as networked technology becomes more and more integral to how companies do business, a simple yet grim reality comes further into focus: The cyberattacks will continue.

In fact, many experts are now urging business owners and their leadership teams to view malicious cyberactivity as more of a certainty than a possibility. Why? Because it seems to be happening to just about every company in one way or another.

A 2023 study by U.K.-based software and hardware company Sophos found that, of 3,000 business leaders surveyed across 14 countries (including 500 in the United States), a whopping 94% reported experiencing a cyberattack within the preceding year.

Creating a comprehensive strategy

What can your small-to-midsize business do to protect itself? First and foremost, you need a comprehensive cybersecurity strategy that accounts for not only your technology, but also your people, processes and as many known external threats as possible. Some of the primary elements of a comprehensive cybersecurity strategy are:

  • Clearly written and widely distributed cybersecurity policies,
  • A cybersecurity program framework that lays out how your company: 1) identifies risks, 2) implements safeguards, 3) monitors its systems to detect incidents, 4) responds to incidents, and 5) recovers data and restores operations after incidents,
  • Employee training, upskilling, testing and regular reminders about cybersecurity,
  • Cyberinsurance suited to your company’s size, operations and risk level, and
  • A business continuity plan that addresses what you’ll do if you’re hit by a major cyberattack.

That last point should include deciding, in consultation with an attorney, how you’ll communicate with customers and vendors about incidents.

Getting help

All of that may sound a bit overwhelming if you’re starting from scratch or working off a largely improvised set of cybersecurity practices developed over time. The good news is there’s plenty of help available.

For businesses looking for cost-effective starting points, cybersecurity policy templates are available from organizations such as the SANS Institute. Meanwhile, there are established, widely accessible cybersecurity program frameworks such as the:

  • National Institute of Standards and Technology’s Cybersecurity Framework,
  • Center for Internet Security’s Critical Security Controls, and
  • Information Systems Audit and Control Association’s Control Objectives for Information and Related Technologies.

Plug any of those terms into your favorite search engine and you should be able to get started.

Of course, free help will only get you so far. For customized assistance, businesses always have the option of engaging a cybersecurity consultant for an assessment and help implementing any elements of a comprehensive cybersecurity strategy. Naturally, you’ll need to vet providers carefully, set a feasible budget, and be prepared to dedicate the time and resources to get the most out of the relationship.

Investing in safety

If your business decides to invest further in cybersecurity, you won’t be alone. Tech researcher Gartner has projected global spending on cybersecurity and risk management to reach $210 billion this year, a 13% increase from last year. It may be a competitive necessity to allocate more dollars to keeping your company safe. For help organizing, analyzing and budgeting for all your technology costs, including for cybersecurity, contact us.

© 2024

“BGM” is the brand name under which BGM CPA, LLC and BGM Group, LLC provide professional services. BGM CPA, LLC and BGM Group, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. BGM CPA, LLC is a licensed independent CPA firm that provides attest services to its clients, and BGM Group, LLC and its subsidiary entities provide advisory and business consulting services to their clients. BGM Group, LLC and its subsidiary entities are not licensed CPA firms. The entities falling under the BGM brand are independently owned and are not liable for the services provided by any other entity providing services under the BGM brand. Our use of the terms “our firm,” “we” and “us,” and terms of similar import, denotes the alternative practice structure conducted by BGM CPA, LLC and BGM Group, LLC.
