When hackers attack a CPA firm, it can impact the firm’s data, but more importantly, it can expose clients’ sensitive financial data. A business’s ability to react and recover is crucial in limiting the damage and saving its reputation.
Cybersecurity Ventures predicts that by 2021, there will be a ransomware attack on businesses every 11 seconds (“Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021,” press release, Dec. 7, 2018, http://bit.ly/2K6cC7k). To stay ahead of hackers in 2020, companies must increase security, monitor network activity, and be prepared with breach response and data recovery plans.
Increase Security
Create a cyber-aware culture.
Human error is too frequently the weak link that allows a security breach to take place. Errors occur when a careless user downloads a malware-infected attachment, fails to use strong passwords, or improperly handles data. Education is key to closing human error gaps. Possible steps include the following:
- Educate users. Arm staff and clients with the knowledge to avoid attacks. Educate them on the characteristics of phishing, malware, ransomware, and other cybersecurity threats. Document security awareness training and include a training session in new employee onboarding. Send regular, concise emails with cybersecurity reminders. Share the same in a client newsletter.
- Use strong passwords. Train staff to choose long, unique passphrases and to store them in a password manager rather than reusing one password across accounts. Length matters more than forced complexity, and current guidance (NIST SP 800-63B) recommends changing a password when there is reason to believe it has been exposed rather than on a fixed schedule, since routine forced rotation pushes users toward predictable variations. Never share a login between people.
- Conduct phishing tests. Send occasional e-mail phishing tests to gauge users’ ability to recognize and react to a phishing e-mail.
- Implement and use a secure portal. Sending e-mail attachments is not a secure means of sharing tax, financial, or other business documents: the attachment sits in every mailbox it passes through and can be forwarded without control. A secure portal authenticates both parties, controls who can access each document, and encrypts transmission of information between a firm and its clients.
Implement networkwide security solutions.
Threats and vulnerabilities in networks and applications are constantly evolving. Gaps may include code flaws in operating systems and applications, systems and services misconfiguration, or immature IT or security processes. Key areas to review and update include the following:
- Maintain a strong firewall. A firewall lets administrators control what traffic can enter and leave the network; configure it to deny by default and permit only the services the firm actually uses. Segmenting the internal network (for example, separating workstations from servers that hold client data) limits how far an attacker who compromises one machine can move.
- Install “need to know” access control. In consultation with CPA firms, the authors frequently find that administrators give all employees access to most or all data on the network. Review roles and grant each user only the access that role requires; review privileges periodically and remove them when people change roles or leave.
- Rely on multifactor authentication. Put in place an additional layer of security by requiring multiple forms of verification. In addition to username and password, users should provide a one-time code from an authenticator app or a hardware token. Codes delivered by phone call or text message are better than nothing but are the weakest option, because a phone number can be hijacked. Fingerprints and facial recognition are also available for some systems.
- Stay up to date with anti-malware and anti-spam software, and patch operating systems and applications promptly; the code flaws mentioned above are only closed by installing the vendor’s updates. Spam protection identifies and filters out dangerous e-mails so users won’t even have a chance to click on them. Anti-phishing software identifies and blocks content in e-mails and on the Internet that is likely to be a phishing scam.
- Keep an eye on artificial intelligence. Security providers are building AI-based smart tools to analyze and model network behavior, improve threat detection, and automatically identify intruders that have threat characteristics.
Monitor Network Activity
Security event monitoring (SEM) tools, often delivered as part of a security information and event management (SIEM) platform, collect logs from servers, workstations, firewalls, and identity systems and analyze them to detect suspicious behavior or unauthorized system changes on your network. Predefined patterns (for example, repeated failed logins from one source, or a privilege change outside business hours) trigger alerts, and SEM tools can take action on such alerts, such as blocking the source or opening a ticket. Monitoring is only as good as the logs it receives, so confirm that every critical system actually forwards its logs. Effective monitoring actions also include the following:
- Perform security audits. Assess the strength of the system’s physical configuration and environment, software, information handling processes, and user practices.
- Identify security gaps. Engage a third-party security firm to conduct a vulnerability assessment or penetration testing. Find network weaknesses before the hackers do, and close the gaps.
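To make the “predefined patterns” concrete, here is an added Python example (not from the original article) of the kind of rule an SEM tool evaluates: a sliding-window count of failed logins per source address, plus a second rule that fires when a login succeeds from a source that had just been failing. The log lines are constructed in a syslog-like format for the demonstration and are not from any real system; the thresholds are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like, not captured from a real host).
SAMPLE_LOG = """\
2020-01-14T08:01:02 fs01 sshd: Failed password for invalid user admin from 203.0.113.9
2020-01-14T08:01:05 fs01 sshd: Failed password for invalid user admin from 203.0.113.9
2020-01-14T08:01:07 fs01 sshd: Failed password for jsmith from 203.0.113.9
2020-01-14T08:01:09 fs01 sshd: Failed password for jsmith from 203.0.113.9
2020-01-14T08:01:12 fs01 sshd: Failed password for jsmith from 203.0.113.9
2020-01-14T08:01:15 fs01 sshd: Accepted password for jsmith from 203.0.113.9
2020-01-14T08:30:00 fs01 sshd: Failed password for mlee from 198.51.100.4
2020-01-14T09:45:00 fs01 sshd: Failed password for mlee from 198.51.100.4
2020-01-14T09:45:30 fs01 sshd: Accepted password for mlee from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line: str):
    """Turn one log line into an event dict, or None if the line is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect(log_text: str, threshold: int = 5, success_after: int = 3,
           window: timedelta = timedelta(minutes=5)) -> list:
    """Evaluate two rules over the log in a single pass.

    BRUTE_FORCE: `threshold` or more failures from one source inside `window`.
    SUCCESS_AFTER_FAILURES: a successful login from a source with at least
    `success_after` failures still inside the window (a likely guessed password).
    """
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    already_flagged = set()        # avoid re-alerting on every further failure
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:  # expire old failures
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["src"] not in already_flagged:
                already_flagged.add(ev["src"])
                alerts.append({"rule": "BRUTE_FORCE", "src": ev["src"],
                               "user": ev["user"], "ts": ev["ts"], "count": len(recent)})
        elif len(recent) >= success_after:
            alerts.append({"rule": "SUCCESS_AFTER_FAILURES", "src": ev["src"],
                           "user": ev["user"], "ts": ev["ts"], "count": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['rule']} src={alert['src']} "
              f"user={alert['user']} failures={alert['count']}")
```

Run against the sample, the first source trips both rules and the second trips neither, because its two failures are more than five minutes apart and the window has expired. The second rule is the one worth paging someone for: a burst of failures is noise an attacker generates every day, but a success at the end of it means a client-data account may now be in someone else’s hands.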
Response and Recovery Plans
As a first step, create a map of all data sources and storage locations. Update or create both a breach response plan and a disaster recovery plan. A breach response plan outlines the steps a firm will take to address an information security incident. The plan should identify roles and responsibilities of each member of the response team, specific steps for putting the policy into action, and the means, tools, and processes to identify and recover compromised data. Test the plan with a mock scenario to gauge the team’s effectiveness at breach identification, containment, investigation, remediation, and communication.
An effective disaster recovery plan ensures that, in the event of a security breach or loss of data, a business can restore data and normal practices rapidly to minimize the impact on operations. Effective disaster recovery includes the following:
- Perform daily (or more frequent) backups to a completely different location, server, or the cloud. Keep at least one copy offline or otherwise write-protected from the production network, because ransomware that can reach a backup will encrypt it along with everything else, and test restores regularly; a backup that has never been restored is an assumption, not a plan.
- Partner with a provider that can manage backups and data restoration.
- Identify critical systems and determine strategies to protect them.
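A backup is only useful if the copy still matches what was backed up. The following Python example, added here and not part of the original article, records a SHA-256 manifest of a source folder at backup time and later compares the off-site copy against it, reporting files that are missing, altered, or unexpected. The client folder, file contents, and the simulated ransomware tampering are all constructed for the demonstration.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large PDFs and archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (relative path, forward slashes) under root to its SHA-256."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(manifest: dict, backup_root: Path) -> dict:
    """Compare a backup copy against the manifest recorded when the backup was taken."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: back up a client folder, then tamper with the backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "clients")
        (src / "acme").mkdir(parents=True)
        (src / "acme" / "2019-1040.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
        (src / "acme" / "ledger.csv").write_text("date,amount\n2019-12-31,1000\n")

        backup = Path(tmp, "offsite-backup")
        shutil.copytree(src, backup)
        manifest = build_manifest(src)
        # Store the manifest somewhere the backup host cannot overwrite it.
        Path(tmp, "manifest.json").write_text(json.dumps(manifest, indent=2))
        clean = verify_backup(manifest, backup)

        # Simulate ransomware on the backup share: one file encrypted, one deleted, a note dropped.
        (backup / "acme" / "ledger.csv").write_bytes(b"ENCRYPTED\x00\x01\x02")
        (backup / "acme" / "2019-1040.pdf").unlink()
        (backup / "acme" / "README_DECRYPT.txt").write_text("pay to recover your files")
        tampered = verify_backup(manifest, backup)
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest has to live somewhere the backup target cannot write to (or be signed); an attacker who can rewrite both the copy and its checksums defeats the check. Run on a schedule against the off-site copy, this is the cheapest form of the restore test described above.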
Prepare for the Future Today
To stay ahead of hackers in 2020, CPA firms should increase existing security, monitor network activity, and put breach response and data recovery plans in place. A hosting provider or security consultant can be a valuable resource in this effort. For long-term success, make an investment in building a culture of awareness and ownership around data security across the entire organization.