Blog

"We don't have data others would want." 

I hear that statement quite often from executives and business owners regardless of size or industry. It typically prompts several questions from me.

• How do you know?  
• What steps have you taken to understand your data? 
• What information is important to you or your competitors? 
• What information would be most damaging to your business if it became public? 
• How do you plan to stop someone from stealing your data?

While many of the reported stories of data breaches involve large, well-known companies such as Target, Barnes & Noble, Nortel, Nissan, and others, in the world of cyber-crime size doesn’t matter – only information does. Just because a breach isn’t splashed in the headlines doesn’t mean it isn’t happening. Companies large and small across the country and our region deal with this every day and the reality is that your business could be next. One company’s Internet footprint looks the same as another to anyone interested in finding something of value, whether it’s credit information, personnel information, intellectual property such as engineering drawings or processes, technology or other industrial assets.

Cybersecurity has moved to a business imperative that is enabled by IT. No longer is this just an IT issue keeping your CIO up at night. Many boards are finely tuned in to what is going on around the world related to cybersecurity. Executive leadership is increasingly being held accountable for protecting the company’s information assets. Regulators have continued to up their cyber game and pay closer attention to how a company’s information security program could impact the going concern of a business.

A strong information security program can facilitate business growth, create market advantages, and build brand trust. Data privacy and trust have become critical business requirements as exponentially more consumer and business information is generated and shared with your partners. 

What can your company do now?

Your IT team may not have the cybersecurity expertise or the time it takes to monitor cybersecurity threats 24/7. Day to day, the IT team is often focused on supporting the business and projects that drive revenue.

Cybersecurity is everyone's business—including C-level executives, managers, administrative assistants, and even part-time office staff.  Unfortunately, any employee can be a potential cybersecurity attack vector, and cyber breaches don't always come from the outside. You can put all the right traditional cybersecurity measures in place, but all it takes is one employee clicking on a phishing email.

Understanding your organization's cybersecurity maturity, knowing where there may be gaps, and addressing those issues is imperative. Taking proactive steps to mitigate cybersecurity risk can mean the difference between a data breach or business as usual.

GJM’s customized cybersecurity assessment provides you with a high-level view of your organization’s cybersecurity maturity, determines your risk exposure, provides advice on potential process gaps, and helps guide you to realistic action plans.

Rapid Assessment includes:

• Best practices for cybersecurity controls, based on successful strategies from well-known security and compliance frameworks
• Identification of potentially critical security issues
• Actionable, quick-fix opportunities to improve security
• Outline of recommendations and roadmap for remediation
• Guidance for ongoing improvement of the organization’s security 

When it comes to your data, there is no single magic bullet that can protect you from every scenario. But you can improve your overall security posture by taking a closer look at your internal practices. Cybersecurity rapid assessments do more than analyze threats – they help you neutralize threats before they compromise your business. Today, it’s vital that every small to medium-sized business conduct a cybersecurity rapid assessment to ensure that its security is keeping its business, network, and data safe, preventing cyber threats, and meeting regulatory guidelines. If you are interested in learning more about GJM’s cyber risk services, please contact Matt Hoverman at mhoverman@gjmltd.com. 

Matt Hoverman, CISA contributed this article. Matt is a partner with Gilmore Jasion Mahler, LTD and leads the firm’s Risk Advisory practice. He has spent his entire career helping companies of all sizes understand the impact of technology on their business.

Established in 1996, Gilmore Jasion Mahler, LTD (GJM) is the largest public accounting firm in Northwest Ohio, with offices in Maumee and Findlay. Locally owned, GJM offers cloud-based accounting and provides comprehensive services including assurance, business & transaction advisory, healthcare management advisory, outsourced accounting, and risk advisory. The firm’s professionals specialize in industries including construction & real estate, healthcare, manufacturing & distribution, nonprofit, private equity and utilities.