The Panama Papers’ cyber-attack has prompted law firms to get a second opinion as to their internal defense strategy. We meet many confident IT professionals that suggest their organizations are impenetrable and possess layers of defense. But how strong are their defenses really?
There are a few basic steps your firm can be taking to help mitigate risk. Create an Information Security Committee that goes beyond just your IT department. Include key personnel and staff from upper management and relevant departments so all aspects of the firms’ security are discussed. Write an Information Security Program that includes documented policies and procedures, as well as risk analysis and contingency plans. Train your staff on cybersecurity awareness and emphasize the importance of using strong and unique passwords. And finally, allocate the proper funds for cybersecurity and have a penetration test done annually by an independent security firm to ensure you’re in a position of strength.
Withum’s Cyber Secure Services team is providing solutions for the entire cybersecurity ecosystem – from identifying key assets and protecting them, providing discovery services, responding with forensics investigation and recovery (i.e. litigation support, valuing damages, calculating valuation allowance for intangible asset impairment, supporting cyber insurance claim process) services from an attack.
For it is no longer a question of ‘if,’ but ‘when’ and ‘how often.’ I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
Robert S. Mueller Former FBI Director
If you’re concerned about maintaining the security of your clients and firm, give your cybersecurity more than a second thought. If you’re interested in learning more about Withum’s services and how we have helped firms like you, let’s start a discussion.
To ensure compliance with U.S. Treasury rules, unless expressly stated otherwise, any U.S. tax advice contained in this communication is not intended or written to be used, and cannot be used, by the recipient for the purpose of avoiding penalties that may be imposed under the Internal Revenue Code.