NewHavenBIZ

n e w h a v e n b i z . c o m | A p r i l 2 0 2 1 | n e w h a v e n B I Z 19 Go to www.newhavenbiz.com/healthcareheroes to nominate! DEADLINE June 10, 2021 NOMINATIONS NOW OPEN! Supporting Sponsor Presenting Sponsor The Health Care Heroes Awards identifies outstanding leaders in the healthcare industry who are the epitome of a "hero." Whether they are doctors, nurses, specialists or managers, join us in recognizing those individuals who embody the word "hero" and prove their excellence in helping others. F O C U S : A c c o u n t i n g A s the risk of cyber attacks has increased during the pandemic, local experts say employers can take several measures to protect their personal data. A company or organization needs to en- sure security no matter how employees are working, whether it is in the office, remotely or a hybrid model, according to Frederick Johnson, vice president of cybersecurity and digital forensics for Marcum Technology. "e attackers only have to break in one place, one time," Johnson said. "As the defenders, we have to defend everywhere 24 hours a day." Johnson recommends that business lead- ers stay abreast of all latest developments, including the latest potential threats, and whatever new technologies are available to help protect them. "e speed of change is increasing, so it's even more important to be vigilant," Johnson said. Johnson also recommends reviewing all client and vendor contracts to ensure com- pliance with required notifications, such as if a breach is not only confirmed, but even suspected. "We are advising our clients that as we emerge from COVID, we anticipate there will be a lot of litigation around breaches that have occurred while people worked at home," Johnson said. "We suspect there will be a lot of companies that will use the court system to be made whole. Understanding your obligations is critical." David Nowacki, director of cybersecurity with ClionLarsonAllen (CLA) in West Hartford, said the No. 1 thing business- es should be doing, regardless of size, is educating their employees. Business leaders also need to encourage and remind workers to be skeptical and not click on suspicious emails. "Make sure they are knowledgeable about how their behavior impacts the data they are obligated to protect," said Nowacki. Employees also should be trained in best practices when handling, storing and Tips for preventing cyber attacks on your business By Michelle Tuccitto Sullo processing data. "You shouldn't be storing things in your Google Drive, forwarding things from your work email, or storing information locally, it should all be on your organizations' sys- tems," Nowacki said. Businesses should also ensure they patch their systems so if someone does click on a malicious email, it won't have a significant impact on an organization, he said. He also recommends having a reliable incident response plan in place and having insurance to cover cyber breaches and damage. "Make sure that not if — but when — you get hit, you have someone to call," Nowacki said. "e cost of a breach is going up, and you are going to get breached at some point." Nowacki recommends that business- es periodically have someone perform a cybersecurity vulnerability assessment, or penetration test. Benevolent hackers can try to penetrate your systems, and then if they are successful, provide you with a list of steps you can take to stop it when the ma- levolent hacker tries to do so in the future. Since scammers use websites to get information on key individuals for their attacks, Mark Torello — partner in charge of Whittlesey Technology, a public account- ing, technology and cybersecurity firm — recommends only putting upper-level management's contact information online. Companies also should use independent verification by a secondary medium of communication, Torello said. If an email comes through asking for a wire transfer, an employee should call or text the person to make sure the request is legitimate, he advises. He also recommends training employees on how to recognize a phishing attack and then periodically testing them. Many firms spend time investigating breaches and helping clients during the aermath, but they would rather help with prevention. "We preach prevention to anyone who will listen," Torello said. "We want busi- nesses, schools and nonprofits to take this seriously. A breach is costly not only to their reputation but their bank account." n David Nowacki is the director of cybersecurity with CliftonLarsonAllen (CLA) in West Hartford.

• Cover