Digital communications and online activities are so prevalent today that they’re essential to business success. Unfortunately, digital opportunities also bring the potential for digital information threats. CPAs – as business owners, employers and employees, advisers and planners – are in a position to help protect businesses and clients. Make sure you are thoroughly versed in the latest developments on cyber security and industry best practices for deterring and combatting the viruses and scams that can confuse clients and customers and, in some extreme situations, ruin IT systems.
Everyone is susceptible to cyber attacks. In the past several months, “phishing” scams have been aimed at the Internal Revenue Service, the Vatican, the Better Business Bureau, Fox Broadcasting Company, Sony Pictures Entertainment and the AICPA. In the recent email scam using the AICPA logo, please note our systems were not compromised and we are working with law enforcement to investigate the source of the fraudulent email. Below are several resources to educate you on securing your systems and personal information.
Through its Information Technology member community, the AICPA has long been developing resources to guide members and others on cybersecurity measures. Here are a few of them:
- PDF of a November 2011 webcast on information security (AICPA IT section members only)
- Information security management guidance and information
The federal government and its agencies have become involved in addressing cyber threats as well. Related articles follow:
- White House, NSA, Weigh Cybersecurity, Personal Privacy (Washington Post, 2/27/12)
- White House Cyber Czar Wants Comprehensive Bill (1/27/12)
- SEC Proposes Rules to Help Prevent and Detect Identity Theft (2/28/12)
In addition, you may find these articles, websites and videos helpful:
- Email Providers Step Up to Axe Phishers (Wall Street Journal – video, 1/30/12)
- Intuit phishing scams related to QuickBooks
- IRS web page on phishing and other scams
- Better Business Bureau
- Spear Phishing (CPA Insider, 3/1/10)
- Have You Been Phished, Skimmed or Dumped? (Corporate Finance Insider, 9/3/09)
- CPA2Biz video blog on phishing, brand-hijacking and other malicious attacks (3/21/12)
- InfoTech Update (free AICPA monthly newsletter on information technology)
According to a January 2012 report by EMC Corporation/RSA:
- 1 out of every 300 emails contains phishing elements
- Phishing attacks were up 37% in 2011
- The U.S. is the second most-targeted country for phishing (U.K. is first)
- Throughout 2011, financial institutions comprised more than half of the entities targeted for phishing
Best Practices to Stay Safe
Symantec Corporation is one of the leading providers of cyber security products and services. Below are some of its recommendations to help avoid cyber attacks, ranging from malware to phishing:
- Regularly update antivirus, firewall, intrusion detection and intrusion protection solutions.
- Keep software patches up to date, especially on systems that host public services and are accessible through your firewall.
- Configure mail servers to block or remove email that contains attachments that are commonly used to spread viruses.
- Train employees to not open attachments unless they are expected and come from a trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses.
- Do not provide personal information such as user IDs, account numbers or passwords in response to an email, even if the email looks legitimate.
- Do not click a site link from within an email. It is best to open a new Internet browser and type the address directly.
- Consider restricting employees' Internet use, specifically online shopping, as such activity presents opportunities to compromise the network.
- Have emergency response procedures in place, including backup and restore capabilities, so that lost or compromised data can be recovered.