As it’s Safer Internet Day today, we thought we’d carry on the theme of cyber security. We can’t stress enough how important it is to ensure your firm has a bulletproof security system, along with communications and disaster recovery plans should your data get compromised.
Employee education
Employees are your greatest asset and your greatest liability, especially when it comes to keeping your systems secure. Staff pose the biggest risk as people make mistakes. Thankfully we haven’t been replaced with robots quite yet, so we need to ensure everyone in the firm remains vigilant at all times. Cyber training should be an ongoing process including running simulated phishing attacks. We need to ‘Stay Alert’!
Phishing
If you’re caught off guard you could easily be the victim of a phishing attack. Chances are you, or one of your colleagues, have seen one, if not been hit by one in the past. This is where scammers send fake emails asking for sensitive information (such as bank details) or containing links to bad websites. A common one to watch out for asks you to enter your Microsoft account credentials into a screen that looks very similar to the real thing. You should always check the email address and full hyperlink of a message that asks you to click a link or download an attachment.
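The two checks described above (the sender's address and the full hyperlink) can also be automated at the mail gateway or in a phishing-report mailbox. The Python sketch below is an added example, not part of the original article; the trusted host list, the rule that genuine Microsoft mail comes from microsoft.com, and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: accepted sign-in hosts and the genuine sender domain.
TRUSTED_HOSTS = {"login.microsoftonline.com", "login.live.com"}
BRAND, BRAND_DOMAIN = "microsoft", "microsoft.com"
# Constructed sample message, not a real email.
SAMPLE_FROM = '"Microsoft Account Team" <security@microsoft-support.example>'
SAMPLE_BODY = '<a href="https://login.microsoftonline.com.verify.example/">https://login.microsoftonline.com</a>'

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def host_of(url):  # lower-cased hostname of a URL or bare "host/path" string
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
def is_brand_domain(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def check_message(from_header, html_body):
    """Return a list of warnings for one message (empty list = nothing flagged)."""
    warnings = []
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if BRAND in name.lower() and not is_brand_domain(domain):
        warnings.append(f"sender name mentions {BRAND} but address is @{domain}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        real = host_of(href)
        # Only treat the visible text as a URL when it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            warnings.append(f"link text shows {shown} but goes to {real}")
        if BRAND in real and real not in TRUSTED_HOSTS and not is_brand_domain(real):
            warnings.append(f"lookalike host: {real}")
    return warnings
```

Calling `check_message(SAMPLE_FROM, SAMPLE_BODY)` flags the sender, the mismatch between the displayed and real link, and the lookalike host; a message that links straight to a trusted sign-in host returns an empty list.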
Passwords
We all know how important it is to have a reliable password for any account you use. But while that is well-known, people still don’t seem to listen. In fact, statistics show that approximately 86% of global passwords are extremely weak.
Ensure you have different passwords for each account. Having one strong password you use for all accounts isn’t the safest way to go as a hacker can take the leaked data from one attack and use it to log onto your other accounts.
Our best advice: use a password manager to help you store and create strong passwords for all of your accounts. There are lots of password managers on the market; here’s a great article from PC Mag reviewing them: https://uk.pcmag.com/password-managers/4296/the-best-password-managers
Multi-Factor Authentication
81% of security breaches are due to weak or stolen passwords. MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application. It’s free and easy and makes your account up to 99.9% less likely to be compromised. MFA can be easily deployed across your firm. It is now widely available across many applications, enabling you to add a safe and secure two-step verification method for your online credentials, with a range of authentication options (such as phone call, text message, or mobile app notification) to access your applications.
Software
Firms should have an approved list of software that employees can install, with anything additional needing business case approval. This reduces the risk by only allowing supported software, making it easier to manage updates.
It’s vital all operating systems are up to date, including servers, desktops, laptops, tablets and phones. Web browsers, Office software, desktop software and anti-virus should all be set to automatically update. Users may have disabled, deferred or declined updates, so it’s important to regularly check that all devices that access corporate information are up to date. Updates should be installed promptly but, be aware, if the device is low on storage, the update may not complete.
Data
GDPR sets out six principles for the processing of personal data. In particular, personal data collection and retention should be limited, relevant, and adequate to the purposes for which it needs processing. Also, personal data should only be kept for the time period required for the purposes for which it is needed.
If you have not reviewed the data you hold since the introduction of GDPR, carrying out this task again, and doing so on a regular basis, may substantially reduce the amount of data you hold on individuals for which your firm has no particular use itself but which may still be of value to cyber attackers.
You would also benefit from taking the same approach to your commercial clients whose data is not likely to be covered by GDPR. Some hackers are employed specifically to hack competitors’ computer systems and the computer systems of their suppliers (including the accountancy firms they work with). For more info a great resource is the ICO website.
Home Working
The current COVID-19 lockdown measures make it a legal requirement to stay at home, meaning everyone must now work from home where they can. Being in the more relaxed home environment, employees may be more inclined to let their guard down when it comes to security. This is when cyber criminals attack, whether it’s fake emails about getting the vaccine or bogus emails asking to pay a supplier, when your colleague isn’t easily contactable to verify the transaction. Keep reminding everyone to stay vigilant while supporting them through this difficult time.
Keep Your Guard Up
It can be frightening when there are so many ways your systems and data can become compromised. Cyber criminals will always go for the low hanging fruit, so the more you do to protect your firm, the less likely you are to fall victim to an attack.
Always be cautious about what you and your employees do online, which sites are visited, and what data is shared. Use comprehensive security software, and make sure to back up your data on a regular basis in case something goes wrong. By taking preventative measures, you can save yourself from headaches later on.
Should the above sound daunting then of course you could get an IT expert to do all this for you. Focus Technology Solutions can work with your firm to plan and manage all your IT requirements to take your accountancy firm forward.
Call now to find out more and stay safe.