Wednesday, September 23, 2022

Main Street Practitioner

The NSA magazine for "Main Street" Tax and Accounting Progessionals

security word
Feature Articles 

Is Your Firm Serious About Security?

NSA Main Street

This digital world in which we live is an exciting one with opportunities to connect, share and collaborate in ways we never imagined. Technology impacts almost everything we do in our personal and professional lives in some way. Most of those impacts are positive.

At the same time, today’s environment can be quite scary.  It seems that every time we look at the news, there is another major security breach. And what we see in the media is backed up by data. According to a report released by the Identity Theft Resource Center and Cyberscout, the number of tracked U.S. data breaches hit a record high of 1,093 – a 40 percent increase over 2015. So it’s no surprise that most firms list security as a top priority.  But is their behavior consistent with what they say? In my opinion, not as much as it should be.

Investment is increasing

On the positive side, more and more firms are investing in the technology, training and processes to protect the sensitive data they possess. Whether it’s intrusion detection software,bringing in an outside party to conduct a security assessment or implementing a security awareness and training program, firms are investing in a lot of the right things to create a more secure firm. Whether it’s securing a perimeter in a war zone or an accounting firm, the strength of the defense is only as robust as the front lines. In your firm, the front line is your people who are handling sensitive client data on a daily basis. An informed and diligent workforce is your best protection against an attack.

It takes commitment

Unfortunately, when it comes to personal sacrifices required to take security initiatives to the finish line, there is often push-back. “The training takes too long!” “I can’t remember my password when I have to change it all the time!” “Why can’t I just email that tax return to the client?” These are just a few examples of the resistant comments and questions that confront the technology team.

Technology leadership should approach this as an opportunity rather than dismissing it as just another complaint from end-users. It is a chance to learn where the pain points are and to meet the challenge head on by finding solutions that make it less complex while still protecting the firm. It’s also an opportunity to align with firm leadership to ensure the business problem is clearly communicated when talking about a security initiative or solution.  Otherwise, it’s easy to discount it as “just another technology project.”

Change starts at the top

The biggest push back often comes from leadership. And most firms have one or more people on their team who think they are above the law. They simply choose to ignore training and look for ways to bypass security measures. It’s the responsibility of the leadership team to support the firm’s security initiatives not only through words and investment but also behavioral changes. In other words, leadership must walk-the-walk. And they must hold every one accountable, especially those few that make no attempt to change their behavior or increase their security savviness.

Data Breach Statistics from Symantec

The top varieties of data breach in 2016 were:

  • Theft of data-36.2%
  • Improper use of data-19.3%
  • Unclassified or other-19.2%
  • Phishing, Spoofing, or Social Engineering-15.8% (In 2016 the number of malware emails increased to 1 in every 131 emails. )

Industries most frequently exposed to cyber crime:

  • Services-44.2%
  • Financial, Insurance & Real Estate-22.1%

Top sub-sector breached: Business Services-24.2%

Symantec’s Security Best Practices
  • Regularly back up any files stored on your computer or any other devices.
  • Always keep your security software up to date, on all your devices, including mobile, to protect yourself against any new variants of malware.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
  • Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • On mobile devices, refrain from downloading apps from unfamiliar sites and only install apps from trusted sources. Also, pay close attention to the permissions requested by apps.
  • Make sure passwords you use for your online accounts are unique and strong. Do not reuse passwords across multiple accounts, and enable two-factor authentication if available.
  • Sign up to alerts from your bank so that you will be alerted if any suspicious transactions are made on your account.

Data and best practices are courtesy of Symantec, sourced from the April 2017 Internet Security Threat Report.

Jim BoomerAbout the Author

Jim Boomer, CEO of Boomer Consulting, Inc., is an expert on managing technology within an accounting firm. He serves as the director of the Boomer Technology Circles, The Advisor Circle and the CIO Circle. He also acts as a strategic planning and technology consultant and firm adviser to CPA firms across the country. Accounting Today called him a “thought leader who can help accountants create next-generation firms.”

Jim is a prolific writer with a monthly column in The CPA Practice Advisor and has been published in a number of industry publications including Accounting Today, Accounting Web, the International Group of Accounting Firms and several state society publications.

Say something about this...
Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Email this to someone
email
Print this page
Print