Warren Averett’s Paul Perry, FHFMA, CISM, CITP, CPA, CDPSE, was recently featured on the CyBUr Guy podcast. He joined retired Special Agent and host, Darren Mott, to discuss cyber threats and how they relate to small and medium businesses.
The CyBUr Guy Podcast is designed to present current cyber trends and threats and discuss cyber investigations. It features current threats and trends to the industry that law enforcement leaders, individuals and businesses can consider.
Paul discussed many topics over the course of the 49-minute podcast, including why it’s important for small and medium business owners to protect their cyber assets and how the cyber threats to these businesses have changed over the years.
“Even when we were auditing 17 years ago, we were still on paper. It’s basically changed 100% since 2004, when they used to have one computer. The threat landscape wasn’t very large at that point,” said Paul. “Becoming an online presence and being a part of the global economy is what has made them successful. As they grew, the landscape of threat grew faster than they could keep up with.”
He also talked about the top current cyber threats to these businesses. “Business email compromise is the one that I think is hitting people the most. But I want to move more towards what they’re doing internally, and the number one deficiency that we see is terminated employees that still have access to the system,” said Paul.
“The threat of that—called access management—and doing that incorrectly is one of the biggest threats. Knowing where your vulnerabilities are can take away that threat.”
Paul also discussed how important it is for small and medium businesses to have protection policies. Aside from the above threats, companies also must deal with problems with vendor management, security awareness training and more. It is important for companies to know who they’re using vendor-wise and to manage any threats that may come with that.
The conversation wrapped up with more talks about how it is vital for small and medium businesses to protect themselves from phishing, other threats that come to the companies that are in their supply chain and cyber security insurance.
Paul also stressed the importance of cyber education and how it can help businesses protect the company as a whole and their employees by making it harder for cyber threats to get in.
Paul Perry has been with the Firm since 2004 and is a Member. He is the practice leader of the Security, Risk and Controls Group. While he serves clients in many different locations, he is based in the Birmingham office and focuses on cybersecurity, information technology related projects, risk assessments, internal controls and more.
He is also the leader of the Firm’s Data Analysis Group, and, for more than 11 years, he specialized in auditing and assurance services.