Introduction
Has your firm ever experienced a cybersecurity breach? Accountants must take notice: this threat is real, and without proper action you place your firm at significant risk.
Accountants have always been bound by the requirements of client confidentiality. However, this task has become increasingly difficult because of cybersecurity threats. The accounting community is being targeted because of the highly sensitive data it handles. At Identillect Technologies we have focused our solution on serving accountants, with simplicity and control at the core of our offering.
Identillect Technologies' solution was originally designed and developed for the accounting community, securing your email communications with the click of a button. Delivery Trust protects your messages while in transit and controls how the content is handled once delivered.
We put the sender in control: you can specify how long delivered emails can be viewed, disable printing or forwarding, see a full audit trail, receive a private read receipt, and for the "Oh No Moment" you can even retract a sent message. Use any email address on any platform, including the Web, mobile, or Microsoft Outlook.
1) Understand regulatory compliance requirements
To begin planning a security strategy, be aware of the regulations affecting your accounting firm. These range from federal and state laws covering all businesses that handle sensitive customer data to regulations targeted at your specific industry. Failure to make significant efforts to protect client information may result in legal consequences, not to mention the ramifications for your firm's reputation.
2) Identify and assess security risks in your organization
Determine the location of all sensitive data and whether any protective measures are currently in place. Also, determine how your sensitive information is distributed (via email, texts, or various other channels) and who has access to information stored on corporate servers as well as in the cloud.
3) Establish written security policies regarding collection & use of personal information
This is a document requiring semi-annual updates, and it should define the following items:
- Proper storage and disposal of electronic personal data;
- The officer responsible for information security;
- The users inside your company with access to sensitive information, especially those with administration rights or unrestricted access to data;
- A least-privilege approach to data, giving users only the access privileges they need to complete their duties;
- Which social media channels are blocked because you cannot or do not wish to supervise them;
- Automatic log-out of users and locking of computers when not in use.
4) Educate your employees regarding common fraud methods/breach threats
Many internal breaches occur through simple human error or lack of awareness, so it is important to ensure your employees understand the consequences of their actions and know how to protect sensitive data.
5) Take protective steps when accessing Wi-Fi networks
Since this is one of the easiest ways for perpetrators to access your data, precautions should include:
- Use Wi-Fi networks with caution when traveling, and connect only to wireless networks secured with passwords;
- Ensure business Wi-Fi networks are secure at all times. Utilize a VPN (Virtual Private Network) when possible, or encrypt all information before sending it.
6) Ensure all devices are adequately secured
Since data leaks can occur across all channels, important things to remember include:
- Utilize complex passwords on mobile and computer devices;
- Limit users to devices that can be adequately protected and monitored;
- Always install patches and updates as soon as they become available;
- Ensure all software downloads are from trusted sources.
7) Use encryption technology
This is a proven way to prevent security attacks. Studies in 2016 by Beazley indicate a 60% rise in data breaches from 2014 to 2015, most of which could have been prevented if encryption technology had been utilized. Implementing encryption technology to protect client data is a safe harbor under most state or federal breach regulations. Utilize a layered approach to security across all communication channels, including computers, mobile devices, networks, and hard drives.
8) Revise and improve your email usage standards
While 70% of businesses consider email their top means of communication, it is surprising how little care they often take to secure it. Unsecured email is easily accessed even by the most inexperienced hackers. Email confidentiality statements are not adequate, nor do they protect you from regulatory violations. The only sensible solution is to implement a user-friendly email security product or service.
Securing electronic messages should be one of the top IT priorities for organizations in 2016. The process should not be overly complex or expensive; however, it does require proper planning and regular revisions. While there is no such thing as a 100% breach-proof security system, the majority of attacks can easily be prevented by following the simple steps outlined in this article.