October is Cyber Security Awareness Month and provides a great opportunity to review our cyber security posture and make appropriate updates. Take a moment to review the “Secure Our World: 2023 and Beyond” from the Cybersecurity & Infrastructure Security Agency, resources from the National Cybersecurity Alliance, the “Top Ten Cybersecurity Misconfigurations” from CISA and the NSA, or check out RubinBrown’s cyber security E-Focus articles.
We recommend every organization perform a mini assessment and ensure the following are in place:
- A qualified cyber security person (internal or 3rd party) is engaged to assist the organization;
- Multi-Factor Authentication is in place wherever possible;
- Security Awareness Training is performed at least annually with monthly updates and reminders;
- Vulnerability management processes are in place to validate system patching and eliminate exploitable protocols and services that may be running;
- Cyber security monitoring is in place to identify potential access issues in the environment;
- Backup and Recovery solutions routinely running and tested for effectiveness;
- Effective governance that includes security policies and procedures;
- Incident response and disaster recovery plans that are tested/exercised annually.
- The measures above are designed to reduce the likelihood, or at least minimize the damage, of a cyber attack. The list is not comprehensive, but will make sure you are not an easy target.
As always, if you have questions about cyber security, RubinBrown remains available to answer questions or assist.
Readers should not act upon information presented without individual professional consultation.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.