The main targets of cybercrime are those who handle financial information: accountants, banks and people in the financial industry. Once they have infiltrated the system, it is open season for whatever information they want from whomever they want. The information found on a 1040 alone is enough to open bank accounts and credit cards, and commit identity theft, and that is what they are after.
So often when Rush Tech does IT audits for accountants, we see instances of people having way too much access for their job and not enough barriers to protect financial data. There have been times where we type “passwords” in the search box and can immediately have access to a Word document without password protection giving access to every location in the company and their clients’ data. There are tons of free password managers, like LastPass, which will manage the data for you in a central secured spot. You can then set up Fort Knox security on that one single spot to make sure that everything is protected instead of trying to remember where everything is.
Another way around this, for the less tech-savvy, is simply using a cryptic name for your passwords document. Simply changing the name to any non-identifying word makes accessing the sensitive information that much harder. So instead of “passwords” or “pws” or some variation, use something bland that you’ll remember like “articles from 2015” where nobody would actually guess that the contents of the document are something of interest. Be sure to password-protect that document, regardless of the naming convention. Security by obscurity is not a silver bullet.
We also see a lot of network equipment using default passwords: one can simply Google “Netgear default login” and the snippet will actually give access to the company’s internet. From here, you can change passwords, open ports and put the company in a really bad spot. You could also simply turn off the internet, and there are very few companies that can operate without the internet being on. Most troubleshooting steps would also miss this as it would require someone willingly turning it off.
One of the easiest things to do is to change the password on the networking equipment and not use default logins when possible. So instead of user “admin” with password “password,” you use user alassise (the name of your network administrator) and a strong password like getout0fhere12#@ and disable the admin/password original login so nobody can get access.
COVID-19 and the work-from-home movement have made the mobile workforce a normal part of most businesses’ infrastructure. Where in the past a company could get away with having an on-premises server and the computers in the office would be on lockdown, we are in a new era. With an ever-increasing number of SaaS products, many people think that having a strong password and a personal computer is adequate protection because “<SaaS vendor> handles all the security and we just use the platform,” which is not accurate.
Security awareness training is paramount these days. The best defense is the knowledge to not get tricked by the bad guys and knowing what methods are used to get your passwords. If an employee opens a phishing email and gets their passwords stolen, or if they reuse a password that appears on the dark web in your company, you have now put the entire database in jeopardy. With the simple policy of “trust nobody unless I asked for it,” accounting firms can avoid some of the issues that have happened in the past few years.
Set up a virtual office instead of individual logins to SaaS products
This begs the question: company-owned or employee-owned computers, which is better? The answer is – it depends. If your workforce already has computers that are sufficient in power, then it may make sense to let them use a personal computer that can remote into a virtual office. This way, your company doesn’t depend on the employee taking care of your equipment and you can make sure that they have the proper access and restrictions. This is very different from letting them log into SaaS products on their own computers, which is a disaster waiting to happen. Setting up cloud offices and virtual environments is a common practice these days and a great way to not have to hunt down employee devices, ship out, reconfigure and maintain an effective mobile workforce.
This strategy also scales very well because you can effectively “copy / paste” the startup configuration from an employee’s computer and not have to reinvent the wheel every time you hire someone new. The new employee simply logs into the computer you want them to have and you’re good to go. This saves hours of administrative and tech time and ensures that the proper protection and protocol is on every single computer, without an endless checklist or trying to remember what every computer needs.
This strategy also works in the reverse, as many firms are seasonal, so owning 20 computers when only 10 get used for most of the year isn’t necessary anymore. With cloud infrastructure, an organization can change computers from capital expenditures to operational expenditures and get billed similar to electricity, so you pay for what you use. Then when you need to downsize after busy season, you don’t have wasted expenses on computers that were only used for a few months; your usage goes down, and so does your bill.
This also makes firing employees and removing access literally the click of a button. If they need to log in to the cloud server in order to access all client data, and you suspend that account – the end. There isn’t the lingering fear of what if they do <insert malicious thing> because they can’t. Gone are the days of removing every single account and having to remember who has access to what; it’s just one spot to turn off – and access is gone!
A holistic approach is best
When it comes to products around cybersecurity, there isn’t a “buy this and you’re safe forever” solution. It needs to be a holistic approach. At a minimum, you need employee awareness training, restricted permissions on an as-needed basis, antivirus, VPN, complex passwords, two-factor authentication and encryption. That is just scratching the surface.
Working with a company that understands and puts cybersecurity into a whole package is always going to be the best route for small business owners. With the data breaches happening every single day and the millions of dollars in lawsuits, fines and penalties being dished out, now it is more important than ever to make sure that your company has the proper protection. Just because you haven’t been hacked or had a data breach yet doesn’t mean you are immune; it just means you are lucky.
Besides the obvious threats of viruses, malware and the like, many do not know how to tell if they have had a data breach because they aren’t involved in technology. It’s like asking a plumber to audit his tax return for any discrepancies; while he may be familiar with what is happening, he will not know the nuances that an expert would recognize. This lack of understanding may end up costing him his entire business if taxes are done incorrectly. The same goes for cybersecurity: if it is done incorrectly, you will only find out after it is too late!
Data breaches can set off a chain reaction
A CPA firm in NY had a data breach. One of their clients was a medical center that got hacked as well through the CPA firm, which resulted in exposure of confidential patient information. The patients of the medical center filed a class action lawsuit against the CPA firm that had the initial data breach, not the medical center. Unfortunately, what people miss in this story is that the CPA firm was a victim. That firm lost tons of revenue and reputation as a result of being a victim of a cybercrime.
Bundle cybersecurity with your services
Firms can add to their portfolio products that ensure cybersecurity for their clients as well. They can use products like shared encrypted portals instead of using regular email. They can use multifactor authentication to make sure that even if a reused password appears on the dark web, the hacker can’t get into someone’s financials because it has an extra layer of protection. Having extra security like this can be bundled in as part of your package. This lets your clients know that you take cybersecurity seriously and that it isn’t just smoke and mirrors.
One bad email is all it takes
You do not want to ever be in a position where it is convenient for someone to hack you. Many cybercriminals are looking for low-hanging fruit, and a phishing email, just like the name implies, is similar to fishing in a lake. The fisherman puts bait on the line, drops it in the water and waits for a bite. The phishing campaign is also sent to the masses and waits for a bite. It can appear to be from a Fortune 500 or from a solopreneur. Simply clicking a bad link is enough for the bad guys to do serious damage – damage that no antivirus, firewall or any sort of software can protect against because the human is the one electing to perform these actions. Once they are in, there can be a ransom put on your information. Municipalities have ended up paying hundreds of thousands of dollars to get their data decrypted.
Make Cybersecurity a Client Service Option
Check your own system first, then help others.
By Penny Breslin
It’s Not Just the Numbers