We had just started the new year when news hit of the Spectre and Meltdown vulnerabilities, which impact almost all computers manufactured during the last 20 years. Given the magnitude of this security fracture, and the frequency of newly identified cybersecurity issues, this requires another "gut check" evaluation of how your firm prepares for and responds to cybersecurity threats.
Regardless of your firm's size, however you measure it, it can be overwhelming and confusing to stay informed about the latest cybersecurity vulnerabilities. You should know if your operating system, virus software and other programs are up to date with the latest security patches.
However, several of the early patches for Spectre and Meltdown didn't work as expected — and some were even retracted after they were released — so now it requires even more work to determine whether you have the latest patches installed.
Bottom line: You need to know how you are handling the patch process in response to the Spectre and Meltdown threats. Are you really staying on top of it? If you aren't sure of the answer, it's probably "no." Somebody, whether it is an in-house staff member, an outside IT firm or a combination of both, needs to have this responsibility as part of their regular to-do list.
The days of having a part-time tech-savvy friend "occasionally" work on your IT systems are long gone.
Your systems could be more vulnerable to an attack while you wait for them to stop-by your office to install the latest security updates. Instead, advisors should consider working with experienced IT services companies to help with this important task. Many of these firms offer a variety of support solutions depending on the specific needs of your firm.
Perhaps the most challenging aspect of all these new cybersecurity vulnerabilities is that it generally requires everyone to take action to address the issue. Your firm could be very diligent in doing everything possible to protect your systems, but often that is not enough.