SHARE
advisors
Man watching video on monitors
Feb 28, 2018

What steps must I take to achieve maximum cybersecurity?

Over $80 billion. That’s the amount companies worldwide spent on cybersecurity hardware, software and services in 2017. This year, that number is expected to increase by nearly 10 percent. And to put that $80 billion in perspective, this dollar amount equals four times what Apple, Microsoft and Facebook spend on R&D in a given year, combined.

Not only is cybersecurity big business and getting bigger; for high net worth individuals and companies of any size, it is no longer an option. Just look at the news. Cyber vulnerability is everywhere: retail chains, credit bureaus, car services, banks, even presidential elections, all hacked and breached.

Our firm takes seriously this new normal in tech security and its threat to our clients—so seriously that we now have dedicated staff and resources focused on protecting our clients from exposures that go well beyond a hacked credit card.

Which brings us to the question: What steps must you take as a business owner and/or executive (not to mention as a member of a high net worth family, a favorite target of hackers) to achieve maximum cybersecurity?

Step One: Cyber-Risk Assessment
As it name implies, a cyber-risk assessment examines your vulnerability to a hack—from your corporate or business office, to your home office, credit cards and, yes, all those smart appliances you now rely on. Until you see where the holes are, the gaps, the weak points—and the human risk factor—you cannot devise a coordinated cyber strategy.

If you choose to do the assessment on your own, you can access resources such as a set of guidelines issued by New York State’s Department of Financial Services. Or, you can engage a firm such as ours that offers a full range of cybersecurity services, including the development of an integrated cybersecurity plan.

Step Two: An Integrated Mitigation Strategy
The next step is to mitigate your cyber vulnerability by patching those holes and strengthening those weaknesses. In the world at large, and for individuals and business, too often cybersecurity is a crazy quilt of firewalls, encryption and other measures that operate independently. We would suggest emulating a movement in Europe toward compliance with the EU-required General Data Protection Regulation.

Simply put, GDPR bundles together all data exposures, from credit cards to healthcare data, and creates an integrated security effort that produces what one might call a “cocoon” of safety around one’s cyber world. 

Step Three: Monitoring
The old saying, “Trust, but verify,” applies here. That means making sure your own GDPR actually works. One of our first steps in working with clients on this issue is to see if we can breach their security. To date, we have never not gotten in.

The goal, of course, is to make it almost impossible for us, or anyone else, to get in after the upgrade. This requires two steps. The first is creating a set of guidelines for our client company and its employees on what not to click, if you will. Next comes monitoring of our clients’ day-to-day activities to see if people are following the new rules.

All personnel must carefully follow procedures, and firms like ours can train them for you. After that, if there are employees who do not comply, well, the next step is up to you.

Ultimately, the goal in this process is for you to be a realist about cybersecurity. In short, it is not whether a breach will occur, but when. It is going to happen. Be sure you have an internet response plan. Because, as is true in all of life, you always want to have a plan B. 

Sources: Business Insider, NASDAQ

RECENT TWEETS

Disclaimer: Worth magazine is a financial publisher and does not recommend or endorse investment, legal, insurance or tax advisors. The listing of any firm in the 2018 Worth® Leading AdvisorsTM Program does not constitute a recommendation or endorsement by Worth magazine of any such firm and is not based upon Worth magazine’s experience with, or prior dealings with, any advisor. The information presented for each advisor, including but not limited to any related profile, statistical data, presentation, report, commentary, recommendation or strategy, has been provided by such advisor without review or independent verification by Worth magazine. Any such information is the sole responsibility of the advisor. Worth magazine makes no representation or warranty as to the accuracy or completeness of such information, assumes no liability for any inaccuracies or omissions therein and disclaims responsibility for the suitability of any particular investment recommendation or strategy for any person. Nothing contained in Worth magazine constitutes or should be construed as any form of investment, legal, insurance or tax advice or as a recommendation to buy, sell, hold or trade any securities, financial instruments or assets. Readers are advised to consult their legal, financial, insurance and tax advisors prior to making any investment or pursuing any investment strategy. Past, model or hypothetical performance is not indicative of future results.

back to top