
5 Threats to CPA Customer Data

CPAPolicy.com Security Primer: 5 Threats to CPA Customer Data

The first step to securing your environment is to develop and implement enforceable information security policies and supporting processes. There are no one-size-fits-all policies. Consult with a professional.

Threat 1. Weak Passwords

Password Length Comparison
2 Days: time it takes to crack an 8 character lowercase password.
210 Years: time it takes to crack an 8 character password that uses all characters.
1.899 Millennia: time it takes to crack a 10 character password that uses all characters.

PRO TIP: Create your own "crypto" method to remember complex passwords. Shifting your finger position 1 key to the right, for example, makes a simple password like "Daisy-47" become "Fsodu-58".

Threat 2. Unsecured E-mail Communications

The moment you hit SEND the path your e-mail takes is beyond your control! Packet sniffers can capture wireless plain text communications and malicious software can exist anywhere along the data path.

"I need the data for the meeting today, can you grab it for me?"

Compromised servers can relay e-mail to a data thief.

Even if the e-mail reaches its destination without compromise there is no certainty that your client will be the only one reading the contents. Their own system may be compromised, or they may have granted others access to their account (spouses, business partners).

PRO TIP: When a client requests confidential information via e-mail you need to be prepared. Knowing how to handle data securely and demonstrating to your client that you take security seriously may differentiate you from your competition. Security is an excellent selling point.

Threat 3. Unsecured Wireless Access Points

Manufacturers of wireless access points have made big strides in simplifying the process of securing wireless networks, but for an office with more than 1 PC setup can still seem quite complex, and auditing/control of wireless networks is beyond the grasp of most consumers.

Attacking your systems might not even be their goal. People looking for free internet or (for them) anonymous internet may be targeting your wireless access simply to access the internet and conduct illegal activities. When investigated by law enforcement, would you be able to provide an audit trail and prove that you were not the culprit?

Users of WEP have a false sense of security. WEP, in fact, has been crackable since 2001, and automated tools exist today that make cracking WEP easy for even non-technical people.

US Average: 60 - 70% (graphic legend: SECURED / UNSECURED)

Hello World! My SSID is: CPA2. Network Type: Open

PRO TIP: Unless you had a dual-major in Accounting and IT, don't go it alone. If a breach does occur, it's important that you be able to demonstrate that you took all reasonable precautions to protect your data, including having a professional install and manage your network security.

Threat 4. Improper Data Management / Disposal

According to the National Computer Security Association, it can take 21 days and $19,000.00 to recreate just 20 Megabytes of accounting data.

The information security trifecta occurs when a company can protect the Confidentiality, Integrity and Availability of information systems throughout the entire information life cycle. Failing to properly design, implement and sustain information security will result in data loss that may compromise your customer information and put your business at risk.

Start by identifying who within your organization handles confidential data and what their role requires, then implement controls and training programs. Make sure training is suited to your company's needs and competencies.

PRO TIP: When a client requests confidential information you need to be prepared. Knowing how to handle data securely and demonstrating to your client that you take security seriously may differentiate you from your competition. Security is an excellent selling point.

Number of times a hard drive should be overwritten before reuse.

46 States have Disclosure Laws

Threat 5. Lost / Stolen Laptops

97% of laptops that are stolen are never recovered. If your laptop contains customer information you may have a legal obligation to disclose the data loss to your customers, and up to 20% of customers that are provided a disclosure will never do business with you again. Many state disclosure laws, however, DO NOT require a disclosure notification IF your data is encrypted, making disk encryption an affordable risk mitigation step.

$102,000.00: What a data breach could cost a CPA with 500 customers.
47.8%: Cost increase of data breaches since 2005.
$4 Billion: Losses related to information stored on stolen laptops.
$1 Billion: Losses related to hardware for stolen laptops.

PRO TIP: In addition to encryption, cable locks are an affordable deterrent to theft. Use a cable lock at your desk and in your car. Securing a cable lock inside your vehicle's trunk will enable you to lock your laptop down when travelling. Never leave your laptop unattended, even in a locked vehicle.

CPAPolicy.com provides Information Security Consulting to the CPA Community. Visit us at CPAPolicy.com, follow us on twitter @cpapolicy or e-mail us at [email protected].


shared by kcatoto on Jan 28

Publisher

Flickr


Category

Humor