Don’t Be a Boeing: Strengthen Your Cybersecurity

There are no more excuses to bury your business’s head in the sand. The data and cyber theft threats are real. And imminent. And not just for big corporations or large government organizations. Attackers are at your front door … or worse.

There are three areas that need your consideration when it comes to protecting your data from cyber attack.

FIRST: To Error is Human: Have your processes and controls assessed and take stock of your level of cyber preparation. Pay special attention to your “human” vulnerabilities, as most cyber thefts are the result of someone either unwittingly or purposely allowing a breach to happen. The best software in the world can’t keep someone inside the organization from gaining access to your systems and processes.

Do it now. If you are defenseless you could have to pay ransomware to stay in business. Or worse, you might not be able to afford to stay in business.

SECOND: Assess your vendors and third-party providers. It’s much like going to a doctor's office in the morning for a checkup, then having your immune system attacked by the malady of the day by a virus you picked up from someone sitting next to you in the waiting room. It’s the same with vendors and those who service them. They can infect your systems in spite of your best efforts. It was the root cause of the Target data breach in 2013 that extended to as many as 70 million customers. Boeing continues to struggle as its fleet of 737 Max passenger jets – and its stock price – remains grounded due to problems with third party software described as “fatally flawed” and that has been at the root of two major airline catastrophes.

THIRD: Assess the data you transmit, process and store. Make a pecking order of data to determine which are more critical to your operation, and start at the top. Then proceed through it all.

Cybersecurity is no longer a check-the-box process; it is a way of doing business, a part of your business that must be addressed continually and methodically. We can help. Contact HBK Risk Advisory Services at 614-228-4000 or email us at with your cybersecurity questions and concerns. We can meet with you to discuss precisely when, how, where and why you need to protect your data. You can take baby steps. The one thing you shouldn’t do is nothing.

About the Author(s)

Steven Franckhauser is a Senior Director working out of the Columbus, Ohio and Pittsburgh, Pennsylvania offices of HBK. He joined HBK in 2011 and works with both the Risk Advisory/Cybersecurity and Energy divisions of the firm.

He is an adjunct Professor of Law at the Duquesne University School of Law, where he teaches business planning and cyber security courses. Steve contributes to the Penn State Extension programs on Shale development, is an adjunct Professor at Penn State University's Beaver campus in Monaca, Penn., and has been a guest lecturer on shale energy and renewable energy at The Ohio State University Fisher School of Business and the School of Arts and Sciences. He is also a past recipient of the “Who’s Who in Energy” by the Pittsburgh Business Times.

He serves on various industry-related boards and is a frequent lecturer and speaker on the economic development and opportunities provided by shale energy, as well as on topics related to the importance and development of Cybersecurity best practices, regulations and standards as they relate to businesses and individuals.

Matthew J. Schiavone is a Senior Manager in HBK’s Quality Control department and works primarily in the Pittsburgh, Pennsylvania office. He specializes in risk advisory services, system and organization control (SOC) reporting, internal controls, IT audit, information security, and cyber security for all types of industries.

Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.