Vadim Shelomyanov, CEO of INVAR Technologies, and Jim Ambrosini, Managing Director of CohnReznick LLP, spoke at the Operations & Compliance for Alternative Investment Funds event in New York about how companies can protect themselves from cybersecurity threats.
Recent security breaches, including the likes of Yahoo in 2016 and WannaCry in 2017 (with 200,000 systems affected) are wake up calls for many organizations who are yet to develop robust and secure cybersecurity programs.
Jim explained, “It’s critical that companies have an incident response plan. In times of crisis, it’s easy for people to panic and make rash decisions. But in the case of most cybersecurity breaches, the right agency just needs to be notified initially and then the recovery plan can be implemented afterwards.”
Jim added, “For example, according to the new DFS cybersecurity regulations, you have 72 hours to notify the superintendent. Companies need to make sure that they comply with these laws at a minimum.”
Vadim agrees, “At the first signs of a breach, the security team should understand the alerts and start the incident response plan. Managing company reputation is also very important, a cyber-attack can be very expensive for a company in many ways.”
The panel discussed how breaches can happen in businesses, with employee error being a top factor. Vadim commented, “95% of breaches today happen due to employee error. Educating them on how to spot a bad website or email plays a huge part in the reduction of security breaches.”
Jim added, “Strong, connected infrastructure and network-level security are essential to keep a company safe from attacks. Penetration tests, on-site and off-site backups of all critical data should be undertaken regularly to ensure nothing is lost in the event of a breach. However, you still need someone on the other end to monitor it and check for false positives. Cybersecurity involves people and IT, not one or the other.”
Managed service providers (MSPs) were credited as being a critical factor for many companies in identifying and dealing with attacks early. Vadim explained, “You may not even know if you have been compromised initially but most MSP’s have the capability to constantly monitor systems, they can help CIOs by alerting them of any red flags and deal with breaches instantly.”
He continued, “If you need to evaluate an MSP, we’ve actually created a guide to help companies evaluate vendors - https://invar.nyc/choose.”
The room asked questions around passwords and best practice for companies, Jim explained; “The industry standard is to have 8 characters with a level of complexity and a mix of letters and numbers. There are other tools such as multi-factor authentication that can send a text code to your phone which can improve security even further.”
Vadim added, “We also recommend that clients create very long passwords and use separate software to store passwords. Having data in separate places means it's much more difficult for an attacker to find your information.”
For more information on cybersecurity and how to deal with cyber attacks, you can schedule a free cybersecurity review with INVAR Technologies today.
Notes to Editor
About INVAR Technologies:
INVAR Technologies is a boutique managed IT firm serving clients in the New York tri-state area. INVAR was among the very first in the VoIP space in 2003 and since then, have grown their services to a fully managed IT offering to small and medium companies. For more information, visit invar.nyc.
About CohnReznick LLP:
CohnReznick LLP is one of the top accounting, tax, and advisory firms in the United States, combining the deep resources of a national firm with the hands-on, agile approach that today's dynamic business environment demands. With diverse industry expertise, the Firm provides companies with the insight and experience to help them break through and seize growth opportunities. The Firm, with origins dating back to 1919, is headquartered in New York, NY with 2,700 employees in offices nationwide. CohnReznick is a member of Nexia International, a global network of independent accountancy, tax, and business advisors. For more information, visit www.cohnreznick.com.