
The Four Most Important Things Every Accounting Firm Should Know about Cyber Security

Discover four tried and proven ways to keep your company’s computer systems and data safe and secure from cyber-criminals

A high standard of cybersecurity can mean the difference between a thriving, successful business and one that is crippled by lost data and/or customer lawsuits stemming from hacked information that is subsequently leaked or misused. Fortunately, securing important data and keeping it out of reach of hackers is not as complicated as it may seem. After working with numerous companies from a large variety of industries, I have come to the conclusion that there are really only four vital things you need to do to protect yourself from a cyber-attack.

Provide Employee Training

Both industry and government reports make it clear that over 90% of all cyber-attacks start with a hacker either successfully stealing access credentials or tricking an employee into providing access to a company computer system. Given this fact, ongoing cyber security training for employees is a must. Naturally, those who handle sensitive information will likely need more detailed training than those who don’t regularly use the company computer; even so, every single employee should know how to spot phishing attacks such as:

  • Emails asking for log-in information or a money transfer, or any other email that would require one to divulge important information online. Even requests from a boss’s email address are suspect and should be verified in person or over the phone.
  • Pop-up messages with interesting links that seem too good to be passed up.
  • Emails from an email server asking for log-in information.

Each person should have a personal username and password to access the company system. Passwords should never be typed in a text file or written on a piece of paper. Furthermore, employees should not be permitted to access personal email or social media accounts on company computers during work hours.

Continually Update Security Software

New viruses, Trojans, malware, worms and other malicious programs are created and disseminated all the time. Thankfully, a good security software program will keep up with new threats and provide regular software updates to thwart new types of attacks. However, these updates won’t do you any good unless you install them. Put someone in charge of making sure the security system on company computers is always up to date. If there is no one in your company who can handle this task, consider outsourcing it to a reliable third party. At {company}, we have many years of experience with not only updating security software but also providing custom security software solutions to meet your specific needs.

Protect Mobile Devices

Ideally, it is best for employees not to use a personal mobile device for company business. Many personal mobile devices are not fully password protected and hackers can easily steal information by either stealing the phone itself or accessing information when a user is on a public network. Furthermore, many people use a mobile device to check personal emails, increasing the risk of a phishing or Trojan horse attack.

To prevent this problem, provide company employees who need a mobile device to use for company purposes with a company mobile phone. All data on such a device should be encrypted at all times and the device itself should be protected with a unique password that is different from an employee’s company account password. Additionally, employees should never install new apps on a company mobile device without express permission from a superior.

Make it clear to employees using a company mobile phone that the loss or theft of a company mobile device should be reported not only to the police but also to your company. If such a device is stolen, immediately secure all information that could be compromised even if the device itself is recovered.

Back Up Your Data

Ransomware is fast becoming one of the most common types of cyber-attack. Unlike other cyber attacks that are often conducted in secret, ransomware is in your face and you can’t miss it. All information will be immediately encrypted and you won’t be able to access it unless you pay the cyber criminal the amount of money that he or she is demanding.

To prevent this and other types of data loss stemming from cyber attacks, it is important to back up your data on a regular basis. Even so, be aware that not all data backup plans are equal; some are far better than others. A backup device that is always connected to your computer and regularly backs up data as it changes is convenient and helps you keep your backup system up to date; however, it is also vulnerable to ransomware attacks. Such devices will automatically back up encrypted versions of your files if you are hit with a ransomware attack, leaving you without access to any of your data.
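A guard against the failure mode described above, where an always-connected backup copies ransomware-encrypted files over the good ones: it compares the live files with the last backup before a new run. This is an added example, not part of the original article; the thresholds, function names and sample ledger files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from pathlib import Path

HIGH_ENTROPY = 7.5       # bits per byte; assumed cut-off, encrypted data sits near 8.0
MAX_DAMAGED_RATIO = 0.3  # assumed policy: hold the backup if over 30% of files look damaged

def entropy(path: Path, sample: int = 65536) -> float:
    """Shannon entropy (bits per byte) of the first `sample` bytes of a file."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def check_before_backup(source: Path, last_backup: Path):
    """Return (safe, damaged): damaged lists files from the last backup that have
    vanished from source (e.g. renamed) or turned from low to high entropy."""
    previous = [p for p in last_backup.rglob("*") if p.is_file()]
    damaged = []
    for old in previous:
        current = source / old.relative_to(last_backup)
        if not current.is_file():
            damaged.append(f"missing: {current.name}")
        elif entropy(old) < HIGH_ENTROPY <= entropy(current):
            damaged.append(f"now high-entropy: {current.name}")
    safe = not previous or len(damaged) / len(previous) <= MAX_DAMAGED_RATIO
    return safe, damaged

def build_sample(root: Path, encrypted: int = 0):
    """Constructed sample data: four text ledgers in source/ and last_backup/;
    the first `encrypted` source files are overwritten with random bytes."""
    source, backup = root / "source", root / "last_backup"
    for folder in (source, backup):
        folder.mkdir()
        for i in range(4):
            (folder / f"ledger{i}.csv").write_text("client,amount\nacme,100.00\n" * 200)
    for i in range(encrypted):
        (source / f"ledger{i}.csv").write_bytes(os.urandom(8192))
    return source, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = build_sample(Path(tmp), encrypted=3)
        ok, damaged = check_before_backup(src, bak)
        print("run backup" if ok else "HOLD backup, keep last good copy", damaged)
```

Files that were already compressed in the last backup (ZIP, PDF, images) are high-entropy to begin with, so this check only catches them when they go missing; it complements versioned or offline backups rather than replacing them.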

Backing up data onto the cloud can be a good option but only if the cloud service provider offers a secure account that will not only protect your files while they are stored with the provider but also encrypt your files as they are sent to and from your company server. An external backup device that is only plugged in once a day to back up your data is a good option as hackers can’t access the device while it is disconnected.

Naturally, it will take time and money to fully secure your company computers to avoid cyber attacks; however, the effort is more than worth it as even a single serious attack can wipe out years of hard work. If you don’t have the time or don’t feel you are tech-savvy enough to protect your valuable company data from malicious third parties, get in touch with us at {email} or {phone}. Our {company} has all the tools and experience you need to keep your systems secure both now and in the future.