Fifty percent of manufacturers experienced data breaches last year, according to a recent study from Sikich LLP. These data breaches can happen to organizations of any size, said Christopher Hartley, director of cybersecurity at Sikich.
“I really think the time has come that organizations, large or small, need to really embrace developing a security program around risk management and data privacy in their environments,” Hartley said.
He attributes the results mainly to smaller companies not investing enough in their cybersecurity because they think they are not important enough to be attacked.
“It doesn't matter the size of your organization or what you make. It doesn't matter,” Hartley said. “You have information and people can go ahead and try to obtain it.”
He said one of the newest ways cybercriminals steal company information is “ransomware,” which he defines as the “ability of a hacker to encrypt all of the data in your environment.”
“Basically, they will gain access to, say, a critical server that has R&D information, or anything that might be valuable to the company, and they encrypt the entire system,” Hartley said. “And if you want the unlock codes to your data, you have to pay them money.”
He said recently a city in Florida had to pay $600,000 for ransomware to gain access to their systems. The city of Akron and some school districts have also experienced ransomware scenarios, he said.
The best ways to prevent cyberattacks are to invest in proper security programs and employee training, Hartley said. There need to be processes in place, made up of people and technology, that will combat an attack. One of the biggest things is making sure employees know what a cyberattack looks like.
“A lot of the things we see today of ransomware are because employees open an illicit email, through a phishing campaign. This is because they weren't properly trained on what a phishing attack looks like, and why you need to be vigilant when you're looking at emails from places or people that you don't know.”
Hartley said cybersecurity is important not only for CPA firms themselves but also for the clients they work with.
“As you're working with customers, especially if they’re associated with the manufacturing and distribution environments, help them implement processes or at least get in touch with organizations like us that can help them address their security program needs. This is something that shouldn't be swept under the rug, there's a lot of vigilance that needs to take place now because everybody's a target.”
Sikich LLP has a forensics team to respond to cyberattacks for their clients and assist with anything they need. They also offer preventative assessments to determine an organization’s risk, give actionable recommendations and show them where they need to invest budget dollars.