Today's Technology for Tomorrow's Firm.
Issue link: https://cpapracticeadvisor.epubxp.com/i/146073
FROM THE TRENCHES in Your Tracks IMPACT No internet access until repaired REPORTABLE? Yes Network resources used by unauthorized people Yes Maintenance personnel might have accessed client records Yes Possible loss of data not copied yet Yes Loss of data, productivity, loss of image Yes, if hard drives not encrypted Data of that client is compromised. Yes, if it has SS# or Fed ID involved Probable extended outage involving a day or more. Strong likelihood that some computers will need to be wiped clean and reinstalled. No High probability that much client and banking information has been stolen. Yes Possible loss of data on computer. Some infections access network data. Maybe. Discern if the infection had access to your network. If not, no. If you are not sure, yes. You'll be unable to use your normal cloud services until service resumes. Have manual process ready. Maybe, but that's the data center's fnancial responsibility in most cases, not yours Client information could have been sent, or the email could have been used for illegal or illicit purposes Maybe. Assess if emails had access to client info. If so, yes. Web site, email and other internet services won't be available for up to 72 hours after resolved. No Client information is likely breached. Yes May take one computer or your entire network down. Maybe. Determine the type of virus and discern if client information was accessible. May take one computer or your entire network down. Maybe. Determine the type of virus and discern if client information was accessible. Professional image damage. No, unless the web site granted access to your portals or other client information. If so, yes. Money may be permanently gone. No Possible loss of client and/or reputation. Yes, to client Possible loss of client and/or reputation. Yes, to payroll clients Possible loss of life and reputation. No Possible security compromises and infections. Yes, if client information was compromised Loss of productivity. No Lost time. No SECURITY AND YOUR F IRM Again, this table was not intended to be comprehensive, but simply examples. We have to put our frms in a position to protect against common security problems. like PGP or Tru-Crypt. Make sure that your software providers have great security. For example, ShareFile and SmartVault are portal and fle transfer products that have strong encryption in motion and at rest. Consider an So, What Should You Do email encryption product like Zixmail About This? or Secured Accountant. First, you can solve some of these issues Third, remember that the best by better procedures and training. security is physical security. Even Many security breaches could have though you may be practicing in a safe, been avoided if team members had just small town, consider what physical not clicked through a link, read a security makes sense. Many frms have chosen to lock all doors from their lobbies back into the practitioner's of f ice spaces. Others have implemented automatic lock systems on cer ta in doors. Everyone should 1. Better procedures and training. have their com2. Appropriate software. puter server room locked. Mot ion 3. Best security is physical security. sensing , n ight 4. Recognize that most security issues vision cameras can have at least some level of soft cost be installed over all and lost productivity. doors and the lobby waiting area. Finally, recogn i z e t h at mo s t sec u r it y i s s ue s have at least some level of soft cost and lost producmessage or copied a fle. Consider your tivity. When reportable breaches occur, policies related to BYOD technologies, it costs money to notify and monitor using public or client network connecthe losses. Some frms have purchased tions or copying fles from USB, hard CyberSecurity insurance for this purdrive or cloud sources. pose. What can you do to mitigate the Second, you can solve some issues risk of a security issue in your frm? with the appropriate sofware. Open license Microsof Windows so you can use BitLocker encryption. Alternatively consider encryption products WHAT YOU CAN DO August 2013 • www.CPAPracticeAdvisor.com 15