CPA Practice Advisor

SEP 2016

Today's Technology for Tomorrow's Firm.

Issue link: https://cpapracticeadvisor.epubxp.com/i/728133

BRIDGING THE GAP
By Jim Boomer, CPA.CITP

September 2016 • www.CPAPracticeAdvisor.com

How Security Savvy Is Your Firm?

Security continues to be a top priority for firms today. Clients trust CPAs with some of their most sensitive data and it's our responsibility to do everything possible to protect it. While most wish there was a magic bullet that would guarantee 100% security and keep the bad guys out, the reality of today's environment makes that notion unrealistic. The fact remains that even if we do everything possible to try to eliminate security risk, we are only as strong as the savviness of our people.

Security Starts on the Front Lines

Whether it's securing a perimeter in a war zone or an accounting firm, the strength of defense is only as robust as the front lines. In your firm, the front line is your people who are handling sensitive client data on a daily basis. An informed and diligent work force is your best protection against an attack. Have you invested the proper amount of training to make sure they are prepared for that responsibility? Are they skeptical of suspicious looking links in emails? Do they report potential security issues as soon as they occur? Do they avoid oversharing on public sites and social media? If not, your firm needs to invest in security awareness training for your entire team. But where do you start?

Where to Start

The first step is determining where you are today. To do so, you probably need to bring in an outside party to perform a security assessment that includes penetration testing, social engineering and a complete review of your security infrastructure, as well as your team's knowledge. Many of the firms we work with have had an assessment done in the last few years and the results have identified vulnerabilities that were previously blind spots. While some were the result of inadequate technology, the majority were caused by the human factor.

Training the Front Lines

The only way to mitigate against the risks of uninformed and careless individuals is to provide them with ongoing security awareness training. Although programs may vary, here are some of the key characteristics you should keep in mind.

• INCLUDE EVERYONE – Security awareness training applies to everyone in the firm. Leadership should not be excluded. In fact, top level executives are some of the most vulnerable individuals. Criminals have become more sophisticated and regularly target those who have access to the most sensitive and valuable information.

• LINK IT TO THEIR PERSONAL LIVES – Most, if not all, of the best practices apply to your employees' behavior in both their professional and personal lives. The more you can show how it impacts them individually through personal examples, the better it will stick.

• PROTECT PEOPLE FROM THEMSELVES – The more IT can do at the desktop level to not allow people to place themselves or the firm at risk, the better. Make it so people can't do the things that get us in trouble.

• MAKE IT AN ONGOING PROCESS – Security awareness training is not a one-time event; it's an ongoing process. Make sure you are continually testing, training and reinforcing best practices.

• HOLD PEOPLE ACCOUNTABLE – Holding people accountable is the best way to reinforce desired behaviors and get individuals back on track if they forget or stray off course.

Risk Based Approach

Gartner lists Adaptive Security Architecture in its Top 10 Strategic Technology Trends for 2016 and states, "Relying on perimeter defense and rule-based security is inadequate. IT leaders must focus on detecting and responding to threats, as well as more traditional blocking and other measures to prevent attacks." This indicates we need to think differently about security than we have in the past. Traditionally, organizations have spent the majority of the security budget on eliminating risk. In today's environment, you must balance your resources between proactive prevention and reactive response. In other words, we must view security from a risk management perspective rather than risk elimination.

Conclusion

If you are currently relying on technology alone to prevent cyber-attacks, you are likely exposing your firm and clients to unnecessary risk. Make sure you address the weakest link in most organizations – the people. Educating them on the best practices and proper behaviors is the best way to protect yourself against the bad guys. At the same time, invest appropriate resources to prepare your firm to respond to a security event. Start the journey today to make your firm more security savvy.

Jim Boomer is the CEO of Boomer Consulting, Inc. He is the director of the Boomer Technology Circles™ and an expert on managing technology within an accounting firm. He also serves as a strategic planning and technology consultant and firm adviser in the areas of performance and risk management. In addition, Jim is leading a new program, The Producer Circle, in collaboration with CPA2BIZ and the AICPA. jim.boomer@cpapracticeadvisor.com
