« Is the spookiest item on your calendar a networking party? | Main | Creating the next generation of CPA leaders »

Four crucial tips to protect your organization’s data

Shutterstock_378127909The cost of cybercrime is increasing at an alarming rate. By 2021, the estimated damages from cybercrimes will be around $6 trillion, according to Cybersecurity Ventures. What can your firm or organization do to ward off evil cyberthieves? Joel White, CPA, CGMA, and Senior Director of Internal Audit, Risk & Compliance at the Association, offers four simple tips to help your firm or organization beef up its cybersecurity defenses. Here’s a quick recap.

3 (5)

1.Always remember to patch

Timely patching is the key to an effective cybersecurity strategy. But what is a patch and what does it do? A patch is a piece of code that a vendor, such as Microsoft, sends to correct an operating system or software program problem.  

To ensure timely patching, audit your software programs. Once you have inventory oversight, create a consistent and repeatable process to update systems with new patches as they’re released. 

1 (3)

2. Be aware of phishing scams

Do you want to fight cybercrime? Teach your staff to avoid phishing scams — and that’s phish with a “p.” Phishing is when a fraudster uses deceptive emails and websites to steal personal data or information. Hackers make messages look like they came from colleagues and can include personal information pulled from out-of-office messages or social media.  

So how can you fight back? Education! Some tools such as Office365 allow you to “phish” your employees. If an employee clicks or taps on a link, make sure you incorporate learning so they know they’ve been phished and what to do next. This will help your staff identify suspect emails, potentially saving your organization from financial or reputational loss. 

8

3. Assess your cybersecurity risk

With cybersecurity, knowledge is half the battle. One of the best ways to strengthen your firm or organization’s cybersecurity program is to assess your cyber risk. Start by talking to your leadership. Find out what data they value the most. Next, determine the location of the data. Is it at a vendor or in your data center? On which server does it live? Is it backed up? Once you know this information, you can assess common attack vectors used to target such data.  

THEN, you can get to the DOING! Determine what controls exist, if those controls apply to the highest risk areas and what new controls you could institute.  

Another tip: See if you even need the data! Companies often maintain data they no longer need. Again, knowing is half the battle.  

2 (1)

4. Use multi-factor authentication. 

Multi-factor authentication is a security system that requires multiple forms of verification to authenticate a user. Have you tried to log in to your bank account from a new device? When you have to enter a security code sent to your phone, that’s MFA. It creates a layered defense, so even if an attacker hacks through one barrier, you’re still protected. 

MFA is an easy and effective way to ward off potential cyberattacks. Talk to your IT professionals and executive leadership about why they should invest in MFA to protect their most important systems. 

Remember that a failure to perform simple safety measures such as the ones Joel provided is one of the biggest reasons organizations become cyberattack victims. With the four above tips, you’ll take a few small but crucial steps toward protecting your company or firm from extreme financial and reputational loss. Do you want more cybersecurity tips? Register for our “Cybersecurity in 2020: What you need to know” webcast on Nov. 8 at 10:30am ET and earn 1 free CPE credit while you supplement your cybersecurity knowledge.

Mballa Mendouga, Communications — Manager, Corporation Social Responsibility & Campaigns, Association of International Certified Professional Accountants 

Comments

Comments are moderated. Please review our Comment Policy before posting.

Subscribe

Subscribe in a reader

Enter your Email:
Preview

CPA Letter Daily