About
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Careers
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Contact
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Services Industries Knowledge Center People

About Our Services

We offer tailored solutions — whether private company or owner; public or private fund, adviser or fund service provider; or Fortune 1000 enterprise. Learn how we can help you.

Learn More

Assurance Services

Employee Benefit Plan Audits Internal Controls Investment Company Audits Private Company Audits SOC Readiness & Compliance

Tax Services

Federal Tax Planning & Compliance High Net Worth & Wealth Transfer International Filings & Structuring Investment Company Tax State & Local Tax Tax Credits & Incentives Transaction Tax Planning

Advisory Services

Business Valuations Data & Insights Digital Finance Solutions IT Strategy & Implementation M&A Advisory Outsourced Accounting Solutions Risk Assurance & Advisory Transaction Services Turnaround & Restructuring

Our Industry Expertise

Our industry experience means you can find professionals who speak your language and bring earned insights to the table. Learn how we can help you.

Learn More

Key Industries

Digital Assets Investment Companies Manufacturing Private Companies Private Equity Real Estate & Construction Technology & Life Science
VIEW THE COMPLETE LIST

Knowledge Center

Our team wants to help your team stay up to date. Browse our thought leadership, events and news for insights and a point of view on business-critical topics.

Learn More

Insights

Browse valuable articles and publications our experts have written to help you and your organization answer key questions — and consider new ones.

Read Our Insights

Events

Join us in person and online for events that address timely topics and key business considerations.

Explore Our Events

News

Find out what is happening at Cohen & Company, from industry recognitions and growth updates, to where we are contributing to important media stories.

Read Our News
People
Foundational Principles In the Community Diversity, Equity & Inclusion Technical Excellence Alumni TIAG Membership
Why Cohen & Company Our Culture Total Rewards & Benefits Intern & Entry Level Opportunities Experienced Opportunities
Akron, OH Baltimore, MD Chicago, IL Cleveland, OH Detroit, MI Milwaukee, WI New York, NY Philadelphia, PA Pittsburgh, PA St. Clair Shores, MI Youngstown, OH
Client Portal
Back to Insights

6 Things to Do Now to Protect Your Business from Cyber Risks

June 25, 2021 Risk Assurance & Advisory, IT Risk Advisory

In this first installment of our cyber safety series, we offer insights into the initial steps you can take to better protect your company from cyber attacks.

Today’s cyber environment can be extremely intimidating. There are a variety of fraud attacks to watch out for, and the increasing number of employees working from home offers cyber criminals even more opportunities to take advantage of unsecure systems and processes.

If you are unsure of where to begin in protecting your business from cyber fraud, address these six areas — assess, encrypt, patch, educate and insure — now for a head start.

1. Assess Your Cybersecurity Processes

Knowing the current status of your cybersecurity processes and technical capabilities is one of the most important prerequisites to protecting your organization against cyber risks.

A well-executed cybersecurity assessment will help you identify the assets most at risk for attack and determine gaps in your ability to secure against a breach. Your assessment should be performed by personnel with sufficient knowledge of technology, and IT and cybersecurity processes and controls. For best results, leverage a cybersecurity framework such as NIST Cyber Security Framework and the Center for Internet Security Common Security Controls to ensure your assessment is thorough and aligned with best practices.

2. Identify and Encrypt Sensitive Data

Encryption of data is one of the simplest ways to secure private and confidential data from cybersecurity attacks.

Start by identifying all private and confidential data that could put the organization at risk if they were to be stolen or in any way compromised. In addition to the obvious data that should be secured, such as credit card information and personally identifiable information (PII) and protected health information (PHI) data, also consider data required to be secured by certain regulations such as HIPAA or customer agreements. Also consider risks posed if other confidential company information is exposed, such as plans to acquire or dispose of business units, and research and development of new products.

Be sure to encrypt data at rest and in transit. Also ensure the encryption technology is up to date with current standards.

3. Routinely Patch All Systems

System vulnerabilities stemming from outdated or unpatched systems create a significant risk of cybersecurity breach. Routinely patching your systems is one of the most important steps you can take to reduce your exposure.

In addition to routinely patching your systems, your patching process should also include activities for identifying and applying off-cycle patches for critical vulnerabilities. For situations where you are unable to apply a patch because of system compatibility or other issues, it’s important to implement other activities to minimize the risk associated with the unpatched system until you are able to resolve the patching issues. 

4. Educate and Train Employees on Cyber Risks

For all our advances in technology, people are always the first line of defense against cyber attacks. The more knowledgeable and prepared your people are, the more likely they will not fall for phishing and social engineering attacks. They will also be less likely to click on a random link or download the latest screensaver app — potentially exposing your entire network in the process.

Provide employees with routine, mandatory training on information and cybersecurity risks, and teach them how your company expects them to identify and respond to possible cyber attacks. With technology and risks changing at a rapid pace, update the content of your employee training routinely to ensure it’s relevant.

5. Obtain, and Understand, Adequate Cybersecurity Insurance

While you can take steps to significantly reduce cybersecurity risks, you can never eliminate it completely. Your cybersecurity risk plan should include sufficient cybersecurity insurance coverage to help offset the impact of a successful cybersecurity attack on your organization.

As with any insurance purchase it’s important to make sure the provider is reputable, deductibles are manageable, coverage amount is sufficient for your needs and that you understand exactly what you are getting for your premiums. Also evaluate any existing insurance policies for existing cybersecurity coverage.

6. Back Up Critical Data and Routinely Test for Recoverability

In the event of a successful cybersecurity attack on your organization, your first objective will likely be to recover and get back to normal as soon as possible. Routinely backing up critical data and testing for recoverability is critical to your ability to recover from a cyber attack. Ensure your data is backed up with sufficient frequency to minimize any data loss. Consider backing up highly critical data in real-time. Also routinely test the backed up data by recovering the data and processing test transactions to identify any issues.

Contact a member of your service team to discuss this topic further.

Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.

Sign Up for Our Emails & Events

Receive insights from our specialists in a variety of areas and timely information on upcoming events directly to your inbox as they go live in our online Knowledge Center.

Subscribe Today
Subscribe to our newsletter
About Contact Submit RFP Privacy Policy
LinkedIn Twitter Facebook
© 2023 Cohen & Company