Boards of Directors are focused more on Cyber Security Incidents

Share Your Thoughts: Facebooktwitterlinkedin

Boards of Directors are focused more on Cyber Security Incidents

Ken Mercer, Firestorm Principal, and Jack Healey, CPA/CFF, CFE teamed together to present key facts and recommendations to prevent your organization from falling victim to a cyber security crisis.


  • It’s estimated that 65% of all organizations have experienced a Cyber Incident in 2016.
  • The number of stolen records are approaching a trillion records.
  • The average incident goes undetected for 214 days.cyber attack
  • The Internet of Things (IoT) represents a new dynamic to the problem.
  • Yahoo reduced its sales price by $350 million due to poor breach response.
  • The FBI estimates $1 billion in losses incurred in 2016 due to ransomware.
  • While most focus on Cybersecurity, the evolving issue will be privacy rights.

What steps can you take to improve your security posture, and reduce your risk of a cybersecurity incident?

1. Develop a Cybersecurity plan using a recognized protocol such as the National Institute of Science and Technology (NIST) framework. This framework is available for large and small companies.

2. Practice good Cybersecurity hygiene:

  • Install and update Firewalls and Anti-Virus software.
  • Adopt complex passwords and two factor authentication. Complex password software is very affordable.
  • Update all software and apps – if you don’t use them – delete them!
  • Install Encryption software on all devices especially laptops, tablets and mobile phones. Again, this is very affordable.
  • Segregate and back up data frequently – at least daily in an ‘off line’ environment.
  • Keep only data you need, and encrypt it when not in use. Discard all old and unused data, and remember to shred paper data.
  • Restrict access to data to only those required to have access.
  • Restrict ‘administrative rights’ to only those required and qualified to use (hint: not usually the CEO). Train your associates on ‘phishing’ and business email compromise frauds so they don’t become victim.

Related: Download the Paper: Cyber Crisis 2017 – The Heavyweights Weigh In

3. Include your outside experts: legal, risk (insurance), forensics, communication, compliance, and Firestorm breach coach in your Cyber Incident Response Plan.  Test the plan, your first cyber attach is a bad time to practice your response with the plan for the first time.

4. All experts agree that almost all companies have been hacked; being prepared is more important than believing you can stop it.

A Cybersecurity Response Plan should be part of your overall Enterprise Risk Management plan.  New laws in numerous states and the European Union regarding the privacy rights associated with data now make the penalties for losing that data extraordinarily high.

Firestorm leadership, as experts in vulnerability analysis, risk mitigation, planning and crisis management, supports management and organizations before, during and after a cybersecurity crisis. How you answer the questions “What should we do now?” and “What should we say now?” can have far reaching implications for an organization.

Do not hesitate to reach out to the Firestorm team to help kickstart, or update your cybersecurity plan. We’re here to help.

About the Authors

web ready Jack Healey-2 by Marchet ButlerJack P. Healey, CPA/CFF, CFE

Mr. Healey is an expert in operational, financial and organizational governance strategies and tactics. He has focused on those elements of business operations which increase cost, drive inefficiencies and reduce the effectiveness of an organization’s performance. He now instructs business executives how to eliminate these ‘financial mud holes’ in their organizations.

Mr. Healey’s unique background as a trained negotiator, a COO/CFO and Corporate Secretary of a public company (coupled with a successful career as an audit and forensic partner and fraud fighter in a public accounting firm) brings a unique perspective to address the financial, governance and human elements which impact a business.

He has developed the Business Crisis Predictive Diagnostic Model™ which identifies the hidden crisis-risks imbedded in businesses before they become a crisis. He has used this model to successfully identify process and functional deficiencies. If left unaddressed, these would significantly impact the people, profitability or reputation of an organization. Learn more about Jack.

Crisis Management Ken Mercer

Ken Mercer

Ken is a graduate of West Virginia University with a degree in pharmacy.  He brings significant experience to Health Industry businesses with a focus on Hospitals and Senior Care Centers.  He has managed retail, nursing home, and hospital pharmacies and has owned a successful business during his twenty-nine year career.

Ken’s extensive operations management and lean principals experience provides our customers with a global business perspective with a clear and profound connection to the impact on human well-being and safety.

The proud father of three successful children, lives in Baltimore, and enjoys scuba diving, sailing, and playing guitar. Learn more about Ken.


Share Your Thoughts: Facebooktwitterlinkedin