
Are You Prepared for a Cybersecurity Attack?

Is your firm or organization prepared to respond to a cybersecurity attack? What about your clients? A cybersecurity breach could occur at any time. No organization is too small to come under attack, so it is best to be prepared. When a breach occurs, companies without a plan may waste valuable time trying to assemble a core team and put a strategy in place. Below are steps that you should consider as you develop a cybersecurity response plan.

1. Educate Your C-Suite

We hear about cybersecurity breaches so frequently in the news. In order to mitigate the impact of a potential attack, it is important that the executives and managers at your firm or organization understand how critical it is to have a plan in place. Gaining buy-in is a necessary first step.

2. Create a Strategy

Now that the higher-ups at your company agree that being prepared to respond to a cybersecurity breach is imperative, it is time to develop an incident response plan. The goal of this plan is to manage the event in a way that limits damage and minimizes recovery time and costs. To begin, create a designated cybersecurity response team composed of people from various parts of the organization (e.g. information technology, communications, legal, operations, the impacted business area, etc.). The plan should lay out a flexible framework that can be consistently executed in response to an incident. Examples of questions a plan should address include:

  • What events would trigger the activation of the incident response plan (e.g. phishing, credit card breach, etc.)?
  • Who will make up the core and executive response team and what responsibilities will they have?
  • Who will be responsible for triaging the incident, detailing action items and coordinating the team’s efforts?
  • Who will be responsible for post-mortem activities and sharing lessons learned?

3. Schedule a Postmortem Meeting

After a cybersecurity breach or drill, host a meeting to discuss what went well and what could be improved in the future. This will ensure that you are better prepared the next time around.

4. Practice, Practice, Practice

To familiarize the incident response team with these steps, drills should take place on a regular basis. Small-scale drills mimicking low-impact incidents should take place frequently, while larger-scale drills that prepare the team for a significant attack should take place annually. Practice ensures that each person who is part of the incident response plan understands his or her role.

Cybersecurity breaches are threatening the security of information at companies both large and small. For this reason, it is crucial that organizations understand the severity of these attacks and develop a plan so that they are prepared to respond efficiently and effectively.

The AICPA has resources available to help members prepare for a potential cybersecurity breach including the Forensic and Valuation Services and Information Management and Technology Assurance teams’ whitepaper entitled The Top 5 Cybercrimes. Additionally, a Top 20 Cybersecurity Checklist can be found in the IT Corner of the AICPA Private Companies Practice Section website.

Do you have an incident response plan in place at your firm or organization? We would love to hear from you.

Joel White, CPA, CGMA, Director – Internal Audit, Risk & Compliance, American Institute of CPAs
