Issue link: https://nebusinessmedia.uberflip.com/i/735930
10 Hartford Business Journal • October 10, 2016 www.HartfordBusiness.com EXPERTS CORNER Nonprofits, municipalities, schools need to protect against cyberattacks By Jeffrey I. Ziplow I t has become an increasingly common occurrence to see data breaches at large multinational corporations that have put consumer's personal information at risk. In recent years businesses such as Anthem, Sony and Target have all been thrown into crisis thanks to hackers breaking into their systems, gaining access to protected infor- mation and causing widespread panic. Businesses have responded, as they should, by beefing up their security sys- tems and putting new mechanisms in place to prevent those who wish to do harm from doing so, and in many instances the added measures have greatly improved security and given consumers peace of mind. But there are other areas besides business- es that continue to be at risk. Municipalities, school districts and nonprofits all store large amounts of vital personal information and, unlike with businesses, it's not just financial information that could be at risk. There is a large amount of personal information — social security numbers, health records, etc. — and other information from additional compliance standards that need protection. The good news is that municipalities, school districts and nonprofits do not have to live in fear that their information is vulner- able, nor do they need to feel unprepared for a cyberattack. Clearly the best way to alleviate these concerns is to put in place comprehen- sive cybersecurity measures that will keep the would-be thieves out and the informa- tion safe. The only caveat is municipalities, school districts and non- profits can't wait for a breach to occur, they need to act immedi- ately to put the right preventive mecha- nisms in place, before those who seek to dis- rupt and cause chaos get their chance. So what can be done to prevent a cyberat- tack? There are plenty of measures that can and should be put into place. It begins with an initial technology risk assessment, where it is determined exactly what information asset(s) a municipality, school or nonprofit has and then where the vulnerable areas are. A thorough inventory of all security systems will provide the roadmap needed to get secure information, and once it is complete, the entity will have an under- standing of what security protocols are work- ing and what needs to be strengthened. From here, security checkups can be rou- tinely administered, followed by the implemen- tation of protocols to reduce the risk of attack and then even a simulated attack — think of it as a "test run" or a fire drill — to see how these new systems are working. Advanced testing can also be considered, such as wireless security, phish- ing assessments and penetration tests, as well as a complete organization-wide update on the latest in malware and ransomware viruses. One critical step that has worked for busi- nesses and can work equally well for munici- palities, school districts and nonprofits is data encryption. This technology is basically a tool that scrambles information so that it can only be read by someone who knows the encryption key and otherwise becomes utterly worthless to people looking to steal it. The key is identifying where the critical information exists and figuring out ways to encrypt it so that it cannot be used by out- side parties. While this has now become com- monplace in the business world, public and nonprofit entities are not quite as far along in implementation, which adds to the urgency. Cybersecurity is a global concern today, and with good reason — cyberattacks occur tens of thousands of times a day across the nation and the world. While the question once was, "Could we be attacked?" it has now become more ominous, "When are we going to be attacked?" And in some cases, the attacks have already happened, or are imminent. But the risk-reduction measures already put into place in the business world need to be incor- porated into municipalities, school and non- profits and work with equal effectiveness. Times have changed and our public and nonprofit entities need to change with them. While many people may prefer not to think about it, their personal information is more at risk than ever to outside attack; it is no longer just a paper form sitting in a locked file some- where, but rather digital information that with- out proper security can be stolen and shared worldwide before the victim is even aware. Much like businesses have done in recent years, municipalities, schools and nonprofits can take swift, responsible action to protect highly sensitive and personal information. n Jeffrey I. Ziplow is a partner with West Hartford accounting and consulting firm BlumShapiro. Jeffrey I. Ziplow DEAN SCANLON STARTED A REVOLUTION. WE HELP HIM KEEP IT SECURE. " Cox Business Security Solutions gives me the fl exibility to watch over my business, no matter where I am." —Dean Scanlon, owner, Revolution American Bistro As the owner of Revolution American Bistro in Cranston, RI, Dean Scanlon can't be at his restaurant 24 hours a day. That's why we've got him covered with our top-of-the-line Intrusion Detection technology and round-the- clock surveillance in crystal-clear HD video. And with the ability to monitor everything from his smartphone in real time, Dean has peace of mind knowing that Cox Business is looking out for his business — even when he's not there. Security that means business. Visit coxbusiness.com/securitysolutions Call (877) 404-2523 Cox Business Security is available to business customers in Cox Business Connecticut service areas. Service not available in all areas. Service Agreement required. Other restrictions may apply. © 2016 Cox Communications, Inc. All rights reserved. C M Y CM MY CY CMY K