With the invasion of Ukraine entering its third week and Russia reeling from aggressive global sanctions that have tanked its economy, experts are putting businesses around the world on high alert about the threat of cyber warfare.
Recent global and US cybersecurity attacks
The U.S.’s cyber defense agency has warned that Russia will likely retaliate against organizations in the west with targeted cyber-attacks. In fact, some businesses confirm it already has.
“Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on the Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region,” the U.S. Cybersecurity and Infrastructure Security Agency said. “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
A number of businesses have already confirmed such warfare. Google said it has uncovered widespread phishing attacks targeting Ukrainian officials, media companies and the Polish military in recent weeks. Los Angeles-based Resecurity Inc. told Bloomberg that hackers gained access to computers belonging to current and former employees of nearly two-dozen major natural gas companies in the US, including Chevron and Kinder Morgan, on the eve of Russia’s invasion.
How to protect your practice from cybersecurity threats
While accounting firms are usually ahead of the curve in regards to protecting private client data, it is especially important to reevaluate your cybersecurity plan if you have not already.
So, how can business leaders ensure their data is not compromised?
1. Have a contingency plan
Ask yourself what would happen to your business if your entire IT system were to shut down today. Would your business still be able to operate? Do you have contingencies in place? How would you recover?
Don’t assume that just because you’re a small business you’ll slip under the radar. Data shows that 43% of all cyberattacks target small businesses, with their share of the entire pie increasing dramatically over the past 10 years.
Writing and implementing a formal and documented contingency plan will help guide your decisions during a period of crisis and minimize the impact on your business.
2. Check your supply chain
Keeping private company and client data safe shouldn’t just stop at the frontline defenses of your own organization. Amid Russia’s aggressive attack on Ukrainian civilians, politicians and businesses, it’s important to look at your entire supply chain.
Are any of the security products or software services that your firm uses of Ukrainian descent? Ukraine has numerous software engineers, code writers and hosted services. In fact, several Ukrainian IT firms are included in the top 100 outsourcing companies globally. While we don’t urge you to cut ties with these businesses, it’s important to reach out to them about this heightened threat so that you can all be in lockstep to protect against cyber aggressors.
3. Retrain employees on cybersecurity
Many times, employees unintentionally interact with a malicious link that could infiltrate and impact your entire business. Or, they use easy-to-guess passwords. We know that 95% of cyber-attacks are a result of human error.
With this escalating global conflict, business leaders should be reminding employees of the importance of using strong passwords and being suspicious of certain emails or links. Conduct staff training and rally corporate culture around security.
4. Work with partners to boost security infrastructure
You may have security protocols in place, but now is a great time to connect with your vendors, IT departments and external IT support to ask them how to improve your security infrastructure.
Ask them what systems are being hit the hardest with cyber-attacks, and how you can further fortify your technology infrastructure to prevent a data or systems breach. There are a number of ways to do this, including using single sign-on [SSO] password management software that can encourage employees to use more complex passwords.
5. Download Woodard's Data Security Plan Workbook
If you have not yet done so, download Woodard's Data Security Plan Workbook. The workbook will help you evaluate your current data security systems, implement actions, and document what you have and are doing. Following the workbook will allow you to meet the FTC's standards that you are required to meet.
6. Share this information with clients and colleagues
Share this article with your clients and colleagues, either by sending the link to the article to them or by sharing it on social media (see the social media icons just below the article. Doing so may provide just what they need to protect themselves.
In times of crisis, it’s best to be prepared.
We share your hope that all accounting businesses escape unscathed from cyber warfare amid Russia’s escalating aggression. But the truth is that corporate resilience and preparation are crucial to ensuring business continuity in times of crisis.
With the threat of war pouring outside of Ukraine and into Europe, uncertainties are running high and threats are ever-present. Now is the time to double down on your efforts to fortify your defenses and dust off your contingency plans. You must be ready to act.