July 20, 2016
As the latest news stories have shown, no company is safe from security breaches and data risks. Even small businesses are susceptible to hackers looking for easy ways to dig into company databases. However, many small and midsize businesses make the mistake of assuming that they are too small to be a target.
So why are we writing about IT security risks? The answer is two-fold: first, small businesses have to focus even more on the protection of their data, and second, CPA firms have access to the most valuable information in your organization. It is up to us to ensure it is protected. Below is our list of the top 5 IT security concerns that every small business owner should know:
Business owners need to have a firm understanding of where all the company data is housed, how it is protected, and how it is backed up. The current trends of utilizing cloud providers and allowing staff to “Bring Your Own Device” can make these tasks a challenge. Our recommendations to minimize your risk of data loss or security breaches are to:
To prevent malware and virus threats, teach your employees to ask before they click. If a user gets a pop-up that says they need to install a new antivirus that they have never heard of, chances are it is malware. Last year we saw malware hidden on reputable websites disguised as advertisements. In addition to user education, you need to invest in good antivirus software.
Social engineering is the manipulation of people in order to get confidential information from them. This could be anything from the Nigerian prince scam to a fraudster impersonating IT staff in an attempt to get a user’s password. This past year some of the ugliest social engineering scams we have seen were:
Scammers have been around forever. They are more prevalent today because advancements in technology have given them a platform to hit a large number of people in a short period of time. There is only one way to avoid these scams, and that is to educate your staff. You should have regular training and communication with the staff so that no one is compromised by a fraudster.
HP’s 2016 Cyber Risk Report stated that the top 10 vulnerabilities exploited overall continue to be those that are more than a year old, and 48% are five or more years old.
What does this mean?
It means that if the computers that were exploited had been patched regularly, those exploits would not have occurred.
How do you fix it?
You need to use an enterprise tool to ensure all the computers on your network are patched properly. At Hobe & Lucas, we contract with an excellent managed services provider to ensure this is done.
When it is time to buy new devices and dispose of the old, you should think twice about giving away or selling old devices. Even a not-so-savvy tech person can retrieve data from a hard disk, even if it has been reformatted. The best practice is to destroy the hard drives from the old devices, then dispose of or recycle the remaining carcass.
In many cases, we have seen “operator error” as the biggest risk a company faces. It is important to continually educate your staff and put in place the proper precautions and policies to avoid unnecessary security breaches. We have been involved in numerous engagements assisting clients after a data loss, and it is usually very costly. Minimize your exposure now so you don’t have to scramble when something does happen.
We are one of the very few accounting firms to have a Certified Information Technology Professional. Our team has the expertise to guide your IT roadmap and recommend strategies that will help your business operate faster and better. Prepare for the technology of tomorrow by partnering today. Contact us or give us a call at 216.524.8900.