During these everchanging times, cyber security has never been more important. With many employees working from home, firms have been forced to evaluate unique security risks. Protecting your company, your data, and your clients’ data is a huge priority. Use these three steps to ensure your security bases are covered.
Assess
Cyber criminals are more focused and sophisticated than ever. They prey on your firm’s vulnerability. Organizations must stay one step ahead. You can do this by asking yourself these important questions:
- Is our firm established with a vetted IT company that will monitor our risks and modify our systems accordingly?
- Is our anti-virus software strong and are our firewalls operating effectively?
- Are all forms of communication secure or encrypted within our firm and for our staff? (Encryption, the simplest form of cyber security, is the process of converting information into code to prevent unauthorized user access.)
- Is our firm’s data – including our client’s data – fully encrypted? Protect your client’s information by securing browsers, hard drives, and cloud application with a key code or password.
- Is our firm’s data being backed up frequently in preparation for a cyberattack? Is this backup tested periodically to ensure it is working properly?
Protect
Protecting your data and your client’s sensitive information is of the utmost importance. This is not only the responsibility of firm employees, but the clients themselves. Establish best practice standards and take steps to make this a priority for all involved.
- Educate your employees!
- Adopt Security Awareness Training. This is a key factor that can create a culture of cyber awareness in your firm. Your staff is your first line of defense, therefore continuous training will help them become familiar with the existing threats that are ever-changing.
- Establish and document an easy-to-follow data security plan. This is a strategy put in place to protect your firm’s and your client’s sensitive data. Ensure your staff understands the details and their role in regard to this plan.
- Keep an open dialogue and encourage employees to report anything that may be suspicious.
- Urge employees not only use strong passwords and change them frequently, but also to use multifactor authentication. In addition, create a policy that all staff should lock their computers before stepping away from their workstations.
- Educate your clients! Clients may assume that any communication with your firm is secure.
- Establish points of contact at your firm. Which firm employees should your clients expect to receive calls or emails from?
- Make clients aware of which methods of communication will be utilized for sensitive data. Should they trust email received from your firm or will all communication that includes sensitive data come via telephone or in person meetings?
- Urge them to use a secure password for Client Portals if your firm uses this type of client communication. Remind clients to avoid birthdays or anniversaries as they are the first guess of those with harmful intentions.
- Encourage clients to reach out to a specific point of contact at your firm if any communication they receive feels unusual. Ensure they understand they should never click on a link included in an email unless they have verified the email is legitimate.
- Review your cyber security programs and policies frequently to assess new and changing risks. Cybercriminals are constantly inventing new strategies to get what they want. In order to stay protected, you have to stay one step ahead.
- Share client and case information on a Need-to-Know basis.
Respond
Even with the best practices, data breaches still happen. Swift action and a detailed, tested plan can keep consequences to a minimum. Here are some suggestions for completing your comprehensive response plan in the event of a breach:
- Contact your IT company ASAP.
- Determine the federal and state regulations surrounding the communication of a data breach. Report breaches to impacted clients and the necessary authorities.
- Establish and document a plan should a malpractice claim be filed.
- Report lost/stolen devices used for the firm immediately and ensure there is a policy in place to remotely erase such devices if necessary.
If you have concerns or questions regarding your firm’s security, contact us at Optistar Technology Consultants. We will give you detailed information on our security solutions, discuss how we can protect your firm from becoming a victim, and answer any questions you may have.