GBQ Partners’ Doug Davidson provides insight into the importance of cybersecurity in today’s worldKevin Michell We live in an era when cybersecurity is a real and pressing concern for individuals and businesses alike. That’s why a firm like GBQ Partners—one that most might associate with accounting and finance services—has expanded its scope to include helping businesses with their information technology (IT) needs.
GBQ’s director of IT services, Doug Davidson, describes information security as something that aligns well with accounting practices. Data has become as important to protect as money and the oversight of IT is akin to accountants watching over a company’s wealth and value.
“We’re business advisers in this space, not just technology advisers,” says Davidson, explaining that GBQ helps integrate IT beyond software and hardware, looking at how to protect information in interactions with third parties—whether vendors or clients—as well as internal communications, bringing on new employees and more. He compares failing to have cybersecurity measures in place to building a house but not putting any locks on the doors.
“It needs to become a regular part of how we think about business these days,” Davidson says, adding that companies should equally value having thorough backups of their information in case the safeguards in place fail to stop a cyberattack, like a ransomware infection.
IT professionals like Davidson see it all the time—companies often don’t know where to start with cybersecurity or have made information security a low priority because of budget constraints, company size or a general lack of urgency.
“The reality is not if it’s going to happen,” Davidson cautions, “it’s when it’s going to happen.”
Recent statistics validate that dire warning. A 2018 joint study from the Ponemon Institute and Keeper Security shows that two-thirds of small businesses have had some sort of cyber attack during the previous year. It goes to show that it’s not only corporate giants that are vulnerable or targeted.
GBQ and Davidson understand that this is a persistent and growing issue for companies of any size. Their IT services can help companies protect their information while adding value and efficiency through auditing, updating and monitoring a business’ IT infrastructure. But there are also ways for companies to self-audit their cybersecurity and improve on their own.
The first step is to educate employees and management on the risks in day-to-day activities so they learn how to recognize and avoid phishing attempts, malware and the unsecure sharing of valuable information. The first guard against IT breaches is a constant vigilance and caution, as many cyberattacks originate with hackers casting wide nets through misleading emails or hyperlinks as opposed to directly targeting infrastructure.
Businesses can also rely on recent legislation for guidance. The Ohio Data Protection Act, signed into law in November 2018, points to several industry-recognized frameworks for cybersecurity for companies to refer to and compare with their current security measures. GBQ often utilizes the 20 controls and resources listed by the Center for Internet Security (which can be found at cisecurity.org/controls/cis-controls-list) as a good way to compare existing IT infrastructure to current best practices and find what flaws need to be addressed.