Cyber security – is your network at risk?

 

Given the recent ransomware attacks, financial technology expert Joel Bruckenstein interviews cybersecurity expert Brian Edelman. In this podcast from the AICPA PFP Division, they discuss:

  • What exactly is ransomware
  • Scope of the recent global ransomware attack, which is the largest in history, and how likely it is
  • Which operating systems are the most and least vulnerable
  • How vulnerable CPAs and financial advisers are to this sort of ransomware attack and why
  • Signs your systems may be infected with malware (not just ransomware) and what to do if your computer is acting in an unusual way
  • What can you do to protect yourself and what to do if you're impacted by a ransomware attack, including actionable takeaways

 

Although one size does not fit all, here’s our recommended security checklist for your business network.

SYSTEM SECURITY CHECKLIST Complete

1. Encrypt all hard drives on all machines with confidential data
2. Turn off systems at night, weekends and vacation (n/a-servers)
3. Reboot computers as you leave for appointments & lunch, logging back in when you return
4. Require passwords to access the start screen on all smart phones, tablets and laptops
5. Establish a password with 8 characters of letters, numbers and wildcard character, memorize it and do not share it; and utilize DashLane password software
6. Install and update an antivirus/anti-phishing and firewall security suite program on all systems (We use & recommend BitDefender)
7. Implement physical security standards: power down systems when leaving, locking up portable devices, securing server rooms
8. Implement a “no-click” policy on email links
9. Restrict remote access to data by all owners and employees, implementing a written office-wide policy and VPNs rather than remote log-in software
10. Change default passwords and addresses on all devices including routers, computers, tablets, smart phones and software
11. Practice invisible client interviews: clean desks, files locked away, and computers turned off; or perform all interviews in conference rooms without computer system access. Never allow a client unaccompanied in any room with a computer or file
12. Establish written standards for work-at-home situations requiring secure rooms, no-access to computer policy except by staff, system shut down at all times when absent. See TaxSpeaker® Telecommuting policy
13. Perform employee background checks similar to banking institutions
14. Redact all client SSN’s, firm EFIN & personal PTIN on all documents
15. Never provide a client or outsider with Wi-Fi access in your office
16. Never, ever use public Wi-Fi including planes, airports, restaurants unless through a secure VPN or using encrypted email
17. Accept client data only by portal upload, physical visit or surface delivery
18. External mail boxes and drop off areas must be locked and secure
19. Change Wi-Fi and all logins upon dismissal, retirement or job change of an employee
20. Implement, educate and enforce a company-wide computer/internet use policy.