Cyber security – is your network at risk
Given the recent ransomware attacks, financial technology expert Joel Bruckenstein interviews cybersecurity expert Brian Edelman. In this podcast from the AICPA PFP Division, they discuss:
- What exactly ransomware is
- The scope of the recent global ransomware attack, the largest in history, and how likely it is
- Which operating systems are the most and least vulnerable
- How vulnerable CPAs and financial advisers are to this sort of ransomware attack, and why
- Signs your systems may be infected with malware (not just ransomware), and what to do if your computer is acting in an unusual way
- What you can do to protect yourself and what to do if you're impacted by a ransomware attack, including actionable takeaways
Although one size does not fit all, here’s our recommended security checklist for your business network.
| SYSTEM SECURITY CHECKLIST | Complete |
|---|---|
| 1. Encrypt all hard drives on all machines holding confidential data | |
| 2. Turn off systems at night, on weekends and during vacation (not applicable to servers) | |
| 3. Reboot computers as you leave for appointments and lunch, logging back in when you return | |
| 4. Require passwords to access the start screen on all smartphones, tablets and laptops | |
| 5. Establish a password of at least 8 characters using letters, numbers and a special character; memorize it and do not share it; and use DashLane password software | |
| 6. Install and keep updated an antivirus/anti-phishing and firewall security suite on all systems (we use and recommend BitDefender) | |
| 7. Implement physical security standards: power down systems when leaving, lock up portable devices, secure server rooms | |
| 8. Implement a "no-click" policy on email links | |
| 9. Restrict remote access to data by all owners and employees, implementing a written office-wide policy and using VPNs rather than remote log-in software | |
| 10. Change default passwords and addresses on all devices, including routers, computers, tablets, smartphones and software | |
| 11. Practice invisible client interviews: clean desks, files locked away and computers turned off; or perform all interviews in conference rooms without computer system access. Never leave a client unaccompanied in any room with a computer or file | |
| 12. Establish written standards for work-at-home situations requiring secure rooms, a no-access-to-computer policy for anyone but staff, and full system shutdown whenever the employee is absent. See the TaxSpeaker® Telecommuting policy | |
| 13. Perform employee background checks similar to those of banking institutions | |
| 14. Redact all client SSNs, the firm EFIN and personal PTINs on all documents | |
| 15. Never provide a client or outsider with Wi-Fi access in your office | |
| 16. Never, ever use public Wi-Fi (including planes, airports and restaurants) unless through a secure VPN or using encrypted email | |
| 17. Accept client data only by portal upload, physical visit or surface delivery | |
| 18. External mail boxes and drop-off areas must be locked and secure | |
| 19. Change Wi-Fi and all logins upon dismissal, retirement or job change of an employee | |
| 20. Implement, educate on and enforce a company-wide computer/internet use policy | |