High-profile instances of cyber-crime make headlines every day, and large organizations such as Sony Pictures, Anthem and Home Depot are not the only targets of hackers. Smaller organizations that receive and maintain sensitive personal information, including accounting firms, are also targets of cyber attacks, and there is no guarantee that any computer network is secure. In the case of Sony Pictures, the FBI stated that the level of sophistication of the attack was so high it would have gotten past 90 percent of private industry and government cyber defenses. However, there are some simple steps you’ll want to take to mitigate your risk, as the financial and reputational consequences of losing sensitive client information can be significant.
Secure All Hardware
Sophisticated cyber attacks are not the only way sensitive client information can be compromised. Laptops, hard drives and personal devices such as smart phones often contain sensitive information that can be compromised if those devices are lost or stolen. At a minimum, devices should be password protected, and in the case of smart phones and tablets, configured to be erased remotely. Encryption of the data on such devices can help to prevent the loss of sensitive personal information, even if the devices are lost. The more sophisticated the encryption, the more comfort you will have that the information is secure. An IT professional can help you implement proper encryption protocols.
Educate All Users
Threats posed by phishing email attacks and malware can be mitigated if users are trained to recognize them. Being able to identify suspicious email communications and attachments and knowing to hit the delete key without opening them can greatly reduce the risk of malware infecting a device. In addition, passwords are a crucial defense for work and personal email accounts. Systems should require complex passwords consisting of a combination of upper and lower case letters, numbers and special characters to reduce risk posed by cyber threats.
Select the Right Security Software
You should, and probably already do, invest in Internet security, including virus and malware protection and firewalls. However, security software is constantly updated to address existing and new threats as they emerge, so you need to ensure that you have the most current versions. At the outset, be sure the software you choose is regularly and reliably updated. If you need assistance selecting software, you should engage your information technology provider to help you make a sound choice.
Understand the Cloud
If you decide to take advantage of the benefits that cloud computing has to offer, you should ensure that the vendor you engage maintains security over its servers and can provide you with representations that it has undergone a third-party review of controls and safeguards, including encryption for sensitive data. You should know where the information is being stored, how it is protected and who has access to it. Keep in mind that the cheapest option may not be the best. You want to be sure that you select a reputable vendor that will be in business for years to come.
Put the Law on Your Side
Even before you encounter a situation where sensitive client data may have been compromised, you should contact an attorney with expertise in data security incident response to help you proactively formulate a response plan. An attorney can help you recognize your risks and select the key personnel who should be involved if an event occurs. Most important, an attorney will be a reliable guide through the complex series of laws and regulations involved in responding to an incident.
As a normal part of business, accountants receive and maintain sensitive client information, including social security numbers and credit card information. While collecting and maintaining this data is necessary, doing so in a computer network or system that is connected to the Internet raises concerns about the possible theft or exposure of that information. Although it is virtually impossible to guarantee security, there are risk management measures that can and should be taken by accountants to mitigate their exposure.
• Require passwords and encrypt your data on all devices.
• Educate your partners and employees about cyber threats.
• Regularly update your security software and firewall configuration.
• Select a reputable cloud provider that has had its security tested.
• Contact an experienced attorney to evaluate your privacy risks and establish an incident response plan.
Thank you to: Thomas R. Manisero, Esq. & Gregory J. Bautista, Esq.
Wilson Elser Moskowitz Edelman & Dicker, LLP
CPA Protector Plan ®