Facebook’s security breach in 2019 caused the personal information of 533 million users to be released to the public internet. In 2013, Yahoo suffered a breach that exposed the account information of nearly 3 billion users. And in 2018, Marriott uncovered a case of unauthorized access to its customer accounts that allowed the personal information of nearly 500 million of its guests to leak. These kinds of stories, and maybe even these particular cases themselves, are common to hear about in our current cyber landscape.
Every day, companies are faced with the challenge of securing personal client and company information from the ever-changing software, hacks, and tactics hackers employ to gain access to sensitive information. The technological world is growing faster every day, and organizations around the world recognize that in order to be competitive and successful, cybersecurity is crucial to their daily operations.
In the first six months of 2021, 23 ransomware groups attacked more than 1,000 organizations in 18 different industries across 66 countries, according to Cognyte, a market leader in security analysis.
Before we dive into what these everyday operations and security measures look like for organizations like Syverson Strege, let’s first take a look at the top cybersecurity issues facing corporate America today and the consequences associated with security breaches.
Top Cyber Issues in the Corporate Workforce
While phishing may seem like just a personal cybersecurity issue, it’s actually the number one cybersecurity threat to businesses today. Phishing happens when a hacker attempts to impersonate a credible person or business via email, texts, and even social media platforms. Even large technology companies like Google and Facebook have fallen prey to phishing schemes costing hundreds of millions of dollars in losses.
And while phishing attacks can be designed to steal sensitive information from companies, they are also used to deliver malware: about two-thirds of all malware attacking US companies results from dangerous email attachments.
In 2020, the US Securities and Exchange Commission (SEC) found an alarming increase in “sophistication of attacks on broker-dealers, investment advisers, and investment companies, and also attacks impacting service providers.” In fact, in October 2020 alone, the Department of Homeland Security had to direct cyber warnings to companies of various industries and sizes to raise awareness of the threat of cybersecurity attacks on businesses.
Another huge issue when it comes to cybersecurity in corporate America is weak passwords. At the end of the day, no matter how large, advanced, or successful a company is, it is made up of ordinary people who can fall into the same cybersecurity pitfalls as any individual.
According to LastPass, a top password management company, only “35% of employers make employees update their passwords regularly.” And without instruction and direct procedures from companies to implement good cybersecurity practices in the workplace, LastPass found that only “54% of employees strengthen their passwords on their own.” In other words, if companies don’t take direct measures to ensure employees practice good cybersecurity while at work, about half of all employees won’t do it on their own, leaving a company much more vulnerable to attacks.
Securing a Company Against Cybersecurity Threats
Fortunately, there are many companies that implement the necessary procedures to keep their company and their customers safe from cyberattacks. What do these measures look like? What steps do companies take to ensure their safety?
Most companies start by examining four key areas of cybersecurity measures:
- Risk assessment
- Employee training
- Vulnerability identification & management
- Regularly scanning for potential threats
Then, a company implements procedures, purchases security software, and monitors for breaches. A small company typically spends about 10% of its IT budget each year on cybersecurity, according to a 2020 study done by AT&T. While this can be pricey, it’s nowhere near the astronomical costs of a potential cyberattack.
According to Tim Stoops, a Certified Ethical Hacker (CEH) at Access Systems, ransomware, a form of malware, costs businesses an average of $75 billion in damages each year. According to Cybercrime Magazine, a report from Cybersecurity Ventures predicted ransomware damages will cost the world $265 billion annually by 2031.
That number continues to rise as hackers become more sophisticated and organized in their attempts to gain access to money and sensitive information. In other words, companies that fail to invest in securing their data and preventing these attacks can lose much more than they bargained for.
What does that mean for you as a consumer?
First and foremost, always do your own research. Before engaging in relationships with different companies and businesses, be sure to know how they work to protect their sensitive information and how they keep their customers’ information safe. In 2021, there is no reason that a business should not be taking steps to secure their assets and personal data.
Unfortunately, because of the nature of the industry, financial institutions are much more likely to be targeted. In fact, the Federal Reserve Bank of New York published a finding that stated that financial firms were experiencing up to 300x more cyberattacks than other industries in 2019. While it is a business’s job to protect its own cybersecurity, you as a consumer must stay aware of what those protective measures look like.
Syverson Strege’s Specific Cybersecurity Measures
Here at Syverson Strege, we realize the utmost importance of implementing the correct measures to safeguard ourselves against cyberattacks, and we wanted to share with our clients some of these elements. Matt Roberts, Syverson Strege’s Chief Planning Officer, lists a few:
- Password updates are required every 90 days for all employees.
- Multi-Factor Authentication (MFA) is required for all software containing sensitive information. This means that in addition to a password, a unique code sent via text is required to gain access to the system.
- Email encryption is used to send sensitive information to you and your professional team (accountants, attorneys, insurance agents, etc.). If you see an email that references “Zix,” that means it has been sent securely.
- Firewalls and Virtual Private Networks (VPN) are used to protect our network and servers. In addition, we hire an IT consultant to do an annual security audit to expose and fix any system vulnerabilities.
- Email requests are not acted upon when trading or making distributions from your accounts. If we receive an email request, we will follow up with a call to verify your request.
- TD Ameritrade is a critical partner of ours that takes many steps to ensure your assets are safe and secure. Click here to view their security procedures.
Keeping our clients safe from cybersecurity breaches is our duty to you as your financial planners. We are continually doing research on cybersecurity matters and looking into new ways to further protect your livelihood. If you have any questions regarding our practices on this matter, please do not hesitate to contact your financial planner.
Click here if you’d like to read the first article on personal cybersecurity in our two-part series.
If you are not a current client of Syverson Strege, we invite you to call 515-225-6000 to schedule a no-obligation, complimentary, private consultation with one of our planners.
This is the second of a two-part series on cybersecurity written by Lauryn Woerdeman, student at Iowa State University, and fall intern at Syverson Strege. Lauryn also interned for the marketing and communications department this past summer assisting with website projects, social media, and other marketing projects. Lauryn is a Business Management major. In her spare time, she enjoys playing the piano, reading, running, the outdoors, and time with friends and family.