Cybersecurity Checklist of Measures to Implement (Allen, Gibbs, & Houlik)

Technology
August 1, 2022 - Allen, Gibbs & Houlik, L.C.


This is a thought leadership article from PrimeGlobal Member Firm, Allen, Gibbs, & Houlik about the importance of implementing good cyber security for your firm, and a useful checklist to ensure you don't miss anything.

If you have an interesting piece of thought leadership to support the accounting and advisory sector adapt to current challenges and opportunities you can submit an article here.


The latest IBM report found that lost business continues to be the highest cost of a data breach (seventh year in a row). Almost 40% of the total cost of a data breach results from lost business. For organizations with less than 500 employees, the average cost of a breach rose by 25% year-over-year. As we like to tell clients, cybersecurity risk is business risk.

The US Cybersecurity & Infrastructure Security Agency (CISA) recently issued a checklist to help organizations of all sizes reduce the likelihood and impact of a potentially damaging cybersecurity event. We believe the steps listed by the CISA below can help senior leaders better understand their risk environment and take appropriate actions now.

Protect
  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization uses cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
Detect
  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to investigate issues or events better.
  • Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
Respond
  • Designate a crisis-response team with main contact points for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal, and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a table top exercise to ensure all participants understand their roles during an incident.
Recover
  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is affected by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

In Summary

By completing this checklist, organizations can earn quick wins toward boosting their cybersecurity practices and organizational resilience. Items in the checklist intentionally go beyond software and tools, providing a balanced approach to cybersecurity i.e. the people, processes, and technology.


Brian
"Today’s accountancy and advisory firms face an increasingly complex array of cybersecurity risks. Unchecked, these risks can impair critical services, jeopardize client relationships, and disrupt firm objectives. An effective cybersecurity risk management program can help identify, prioritize, and mitigate those risks" Brian Johnson, Senior Vice President, Technology Services, Allen, Gibbs, & Houlik

Content by:

Allen, Gibbs & Houlik, L.C.

Built on the foundation of a strong audit and tax practice and driven by client need, Allen, Gibbs & Houlik, L.C. (AGH) offers a broad range of advisory services in multiple industry sectors. AGH looks forward to the opportunity to help and exchange knowledge within the PrimeGlobal member firms. Outside the “traditional” accounting arena, client needs led AGH to create advisory services addressing those concerns. AGH Employer Solutions helps clients recruit, compensate, engage and retain talent, handle payroll or provide an outsourced CFO/controller. AGH Advisors walks companies through business transitions, mergers and acquisitions, from analyzing options to post-merger operation.

Learn more