Information Management and Technology Assurance includes information about emerging IT trends, IT risk and IT assurance, data analytics, security and privacy and business solutions.
With busy season off to another running start, it’s important to remember that cyber attackers are busy too. With readily monetizable information on hand that can be sold easily on the black market, your practice is an especially attractive target for attackers.
Frequent news reports of breaches at large organizations and government entities might lead you to believe you don’t stand a chance if targeted. Fortunately, this is not the case. The following basic precautions can significantly reduce your risk and mitigate damage if you experience a cybersecurity incident.
- Locate, classify and separate information by risk level. The highest risk information for most firms is going to be financial account information such as bank routing and account numbers, credit and debit card numbers, and usernames and passwords for online account access. This information should be protected with a high level of security and stored separately from other client records. Because industry safeguards typically require names of authorized users, billing addresses, employer identification numbers and Social Security numbers to gain access to accounts, a system that stores information used to authenticate account numbers separately from the numbers themselves can mitigate losses should a security breach occur.
Continue reading "5 Cybersecurity Precautions for Small CPA Firms" »
Cybersecurity is becoming a critical issue as consumers increasingly entrust their most confidential information – including Social Security numbers, tax identification numbers and financial information – to companies that store this data electronically. As companies look for third-party assessment and verification of their cybersecurity risk management program, CPAs are well-positioned to provide these services – and the more comprehensive definition of attest that many states have adopted ensures that only CPAs can provide cybersecurity attest services in accordance with the AICPA’s high standards.
Attest services are those services that are limited to licensed CPAs and can only be performed by licensees through CPA firms. They include audits, reviews of financial statements and examinations of prospective financial information.
Continue reading "CPAs Well-Positioned to Help Manage Cybersecurity Risk " »
Open the newspaper, and you’ll find no shortage of stories about sensitive corporate information getting into the wrong hands. How can you ensure this doesn’t happen to your organization? Solid IT policies and procedures. They are critical components of an organization’s umbrella IT strategic plan and are designed to prevent serious operational problems. In general, security policy and procedures include assessing your organization’s assets and holdings, evaluating them against threats or risks for exposure and having the right tools and techniques in place to manage those threats and risks.
Continue reading "Make it or Break it with IT Policies and Procedures" »
What were you doing at 7:32 p.m. on April 23, 2011? Chances are that Google, Facebook, Microsoft, Apple, your phone company and your Internet Service Provider know. If you share a computer, all of the other users may know. Your employer may know. As will the government, if it so chooses. And if this isn’t enough, they may even know where you were when you were doing it.
Is this a problem? Well, that depends. Do you like getting bombarded with online ads and email obviously based on your recent surfing habits? Are you researching that perfect gift for your wife or husband, or planning a big surprise party? Perhaps you are pregnant or researching medical symptoms and don’t want anyone to know?
Continue reading "Protecting Yourself Online" »
Wouldn’t life be great if we all had a crystal ball? While wizardry and fantasy may sound like a great way to see the future, no one would actually advise a client or employer on assumptions based in magic and hearsay.
Typically, we serve our clients and employers based on fact-based historical reporting, which tells us where we are and where we’ve been. However, there is another way to offer guidance and opinion: predictive analytics, a process-driven activity that combines facts about the past with inferences to anticipate the future.
Continue reading "Boost Your Bottom Line with Predictive Analytics" »