As a modern tax professional, you know that highly sophisticated cyber attacks make your business a potential target. With more of your business information being digitized, cybersecurity becomes a key component of your overall security. It’s the best way to guarantee your data is secure, and it’s how you protect yourself and your clients’ information from unauthorized access.
But here are two pieces of information you may not know:
Information Security vs. Cybersecurity
Information Security is formally defined as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity, and availability.
Cybersecurity is a key component of Information Security. It involves the protection of electronic devices and electronically stored information, with the similar goal of ensuring its availability, integrity, authentication, confidentiality, and non-repudiation.
More information like this can also be found in the guidelines published by the U.S. Federal Government’s National Institute of Standards and Technology (NIST), entitled “Small Business Information Security: The Fundamentals.” It’s worth reading.
“Verizon’s 2016 Data Breach Investigations Report found a shocking 30% of recipients open phishing messages and 12% click on attachments.”
What’s a Cybercriminal’s Best Weapon? Ignorance!
“Small and medium-sized businesses (SMBs) are a prime target for hackers today”, says Jim Krantz of Krantz Secure Technologies. “They are easier prey than larger enterprises because most don’t have data security policies in place. Not to mention, they don’t believe they will ever be attacked, so they won’t take the time or invest the money to protect their business. For those reasons, the Dark Web makes it easier and cheaper for anyone to use ransomware solutions, like Petya and WannaCry, to place a “bull’s eye” on your business.”
Don’t be fooled – Your Files Have “Theft Value”.
Cybercriminals want your data, your clients’ data, and your money, and will not stop until they get what they want. But how?
Attack Vectors – Below is a diagram that shows the most common “attack vectors” in use, the ones hackers don’t want you to know about.
But what are Attack Vectors? They are the steps, codes, keystrokes and software a hacker uses to gain access to your computer or network to deliver malware that can result in:
The purpose for the theft? Hackers steal your clients’ data, so they can:
As you can see, taxpayer information you store is at great risk. That information, left unprotected, is a target for data theft.
Hacking is a crime. It remains a top priority for the IRS to end this criminal activity. To help keep you informed and up-to-date, back in 2015, the IRS implemented National Tax Security Awareness Week for:
The IRS urges you to take the time between tax seasons to contemplate your cybersecurity measures.
Visit their Protect Your Clients, Protect Yourself Campaign.
And yes, it is your legal obligation to protect taxpayers’ personal information. The good news is that there are easy, affordable steps you can take to protect your organization. Once in place, your program balances security with the needs and capabilities of your business. When viewed as part of your business strategy and regular processes, information security makes sense.
Follow These Best Practices.
Protect Your Credit.
Your FICO Score is used in over 90% of U.S. lending decisions. Taking these steps won’t impact your credit or ability to use existing credit cards. However, if you’re applying for a loan, you’ll need to “thaw” your account. Allow 3 days for the reports to become available.
Classify Your Data.
Security Awareness Training for Your Employees
Remember, hackers will try to gain access to your network any way they can. It’s a lot easier for bad actors to attack through your employees than through a well-maintained infrastructure.
Let’s look at how employees may be your biggest vulnerability:
For this reason, it’s recommended that you have a professional conduct Security Awareness Training on a regular basis.
Secure Your IT Infrastructure.
Let’s Not Forget to Use the SANS 20 Critical Security Controls
The SANS 20 Critical Security Controls were adopted by regulatory and government agencies as the foundation for security strategies. By implementing these controls you can reduce the potential impact of cyber attacks. They may seem daunting, but the experts at Krantz Secure Technologies can help you streamline the process and ensure your firm is following the best practices for information security.
Ensure Your Mobile Devices Are Secure as Well.
With the proliferation of mobile device use and BYOD (bring your own device) at work, your business needs secure mobile device solutions. Mobile Device Security ensures your workforce uses their devices in a secure and controlled manner. It protects your data, whether it’s deployed across multiple mobile service providers or on a variety of mobile operating systems.
Your Mobile Device Security solutions should allow:
Your Mobile Device Security should include your employees’ smartphones. They may contain valuable contact information and emails that cybercriminals want. Even text messages can be spoofed.
Bluetooth is convenient but not secure. Viruses can be spread via Bluetooth and hackers can use it to connect and compromise your phones. Always turn off Bluetooth when it’s not needed, and disable automatic pairing. Also, set your devices to “Non-discoverable.”
WiFi hotspots can put your business information at risk. Anything that you send over unsecured WiFi can be intercepted. Always turn off WiFi when you’re not using it. Don’t allow your device to auto-join unfamiliar networks. And don’t send sensitive information over WiFi unless you know it’s secure.
Keep an Internet Security Mindset.
Simply visiting an unsecured site without clicking any links can compromise your cybersecurity. When browsing online, be sure to check the website’s security status. Make sure the address begins with HTTPS before you enter any personal or financial information. You want to see a closed padlock symbol next to the URL (shown below). This means that GeoTrust has confirmed the site’s security is up to date.
Be Careful with The Internet of Things (IoT).
The IoT refers to the connection of devices to the Internet. Cars, appliances, medical and manufacturing devices are all being connected through the IoT. With the rapid development of the IoT, and the fact that more small devices are connected to the Internet, security is an increasing concern.
Many IoT devices have weak or no security. There are known vulnerabilities that can’t be patched or upgraded. If you use them in your business, they should be isolated to their own network.
Take the Time to Protect Your Business Before It’s Too Late.
As you have learned, there is much to be considered when it comes to protecting your business from today’s hackers. Off-the-shelf software is no longer the answer. The good news is Krantz Secure Technologies can address potential cybersecurity threats. We’ll train your staff to recognize and defend against them. Security Awareness Training, coupled with our Cybersecurity Solutions, will protect your business against today’s ever-growing forms of cybercrime.
For assistance, contact us at (202) 286-0325 or via the contact form on our website.