[BreachExchange] Accounting Firm Cybersecurity: Training Your Staff and Protecting Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 26 20:54:05 EDT 2017


http://www.cpapracticeadvisor.com/news/12377102/accounting-firm-cybersecurity-training-your-staff-and-protecting-your-business

It probably won’t surprise you to hear that tax identity theft is on the
rise. In response to this increase in tax-related ID theft, last year the
IRS rolled out new security requirements that recommended multi-factor
authentication (MFA) for tax and accounting software.

While MFA has been shown to be an effective tool in combating fraud, there’s
an equally important supplemental strategy that all tax and accounting firms
should employ: educating their staff.

That’s because humans — no matter how well-intentioned — remain the weakest
link in the data security chain, as proven when a recent cybersecurity
report revealed that approximately 95% of security breaches are caused by
human error. So let’s take a look at some of the changes that tax and
accounting firms are making to improve awareness among employees.

Employee training: Simple, inexpensive, impactful

In 1794, Voltaire said, “Common sense is not so common.” Today, we could
update that quote to read, “Network security common sense is not so
common.” That’s why it’s imperative that your staff is trained before they
interact with your information systems.

It’s good practice to update your training regularly to include new and
evolving data security challenges. Luckily, there’s no need to design a
training program from scratch. Most information security companies have
great presentations written and ready to go, or white papers that identify
points to cover in employee training. You can even go to the Department of
Homeland Security and IRS Awareness Campaign websites and download their
cybersecurity training resources.

Since every single employee in your firm is a potential source of a
security breach, everyone in the firm should go through security training,
from the firm owners to the frontline employees — including the IT staff.
Due to the ever-evolving nature of cybersecurity threats, experts recommend
at least annual training (although more often is always good).

Awareness is key

Hackers thrive on ignorance — they want everyone to assume that life is
safe and no one’s out to get them. So it’s a good idea to periodically ask
your employees questions including — but not limited to — the following, to
help them remain aware of potential security vulnerabilities.

• Do you have company email or other company data on your mobile device or
portable drive?
• If so, do you have appropriate security precautions in place, such as
data encryption and multi-factor authentication?
• How many of you are aware whether all the devices in the organization
have the most recent updates for operating systems and security software?
• At work, do you lock your computer when you walk away from it, or do you
leave it open and accessible to others?
• Could your passwords’ security access questions be easily deduced from a
look at your social media?

While this is only a start, it’s an important one. Use the tools and
resources mentioned above to educate your staff and close the door to
hackers. We can work together to take steps to improve security in our
industry.