By Jessica Salerno, OSCPA senior content manager
Protecting an organization from cyberattacks isn’t a simple item to just check off the to-do list, one IT expert says – it needs to be a continuing effort.
Gomach joined The State of Business podcast this week to discuss ransomware, what to tell clients about cybersecurity and steps to take after data has been hacked. Gomach said the top ways a company can protect itself are to:
Gomach said one of the most common mistakes he hears companies make when it comes to ransomware is assuming that a business is too small to attract the scrutiny of hackers.
“It can happen to anybody, and it happens to everybody,” he said. “No matter what vertical you're in nowadays, you have to be aware of it and you have to do something about it.”
Another mistake Gomach said is when business owners think their staff will never click on a malicious link or attachment. Everyone makes mistakes; even people who have been trained can have a brief lapse of judgment that results in a serious issue if the organization isn’t properly protected.
If your company is delaying implementing better cybersecurity because of the cost, Gomach said to think about the cost to the business if it couldn’t operate for a week or a month.
“The cost of being out of business for an extended period of time is significantly more costly than what it would cost to put it in some of these small security efforts that would help mitigate your risk,” he said.
CPAs are often put in roles where they have responsibility for more than just their area of expertise, and Gomach said IT security can fall under that list. Someone unfamiliar with cybersecurity best practices without an IT director to lean on should consider bringing in an outside vendor, he said, to point out holes or gaps in the security.
“It's just all about being aware of things, he said. “And never stopping your security journey at the end of the day.”
For learning opportunities around cybersecurity, visit MyOSCPA.