Cyber Security Do’s & Don’ts


1 Cyber Security Do’s & Don’ts - 2019
IMTIAZ MUNSHI, CPA
- Co-founder & CEO, Aztec Technologies
- Vice President, myCPE LLC
- President, Munshi CPA, PC
LINKEDIN - -

2 LEARNING OBJECTIVES
- Introduction to Cyber Security
- Identifying characteristics of best security practices
- Choosing the appropriate security tools / techniques
- Identifying Cyber Security do’s and don’ts

3 CYBERSECURITY – AN INTRODUCTION
- Meaning and understanding
- Concept
- Importance
- Financial Consequences
- Business Perspective – for the market and business owners
- Approach towards Cybersecurity

4 FRAMING THE QUESTION AT HAND
- Security – a complicated necessity
- Need to be simple
- Passwords are important
- Assurance of security – systems approach
- People make policies work
- Right tools – Effective Results
- Verification is necessary to ensure trust

5 DATA PROTECTION & ITS RELEVANCE For Small Accounting Firms

6 CPAs AS TARGETS FOR ATTACKS
- CPAs have Confidential and Sensitive client Information.
- Lack of knowledge regarding good cybersecurity practices
- Weak Passwords
- Lack of proper IT controls; outdated hardware

7 DATA PROTECTION – WHY???
- A Healthy Business Practice
- Protecting the Firm’s Reputation
- Assistance in Risk Management
- Industry Requirements
- Regulatory Essentials
- Complying with Patriot Act / GDPR / AICPA’s GAPP
- Safeguards Intellectual Property

8 TECHNOLOGY FOR SMALL ACCOUNTING FIRMS
- Personal Computer Centric Approach
- Operations Based on - Windows and MS-Office and Data Servers
- Networking Infrastructure
- Remote Access
- Public Cloud
- Website and Private Client Portal
- Data Backups

9 Polling Question 1
Why are CPAs easy targets for hackers?
- Confidential and sensitive data of Clients.
- Lack of Knowledge and Weak Passwords
- Lack of Proper IT Security Measures.
- All of the above.

10 DATA LOCATION
Storage
- Obvious locations – Servers, Backup Storage, PCs
- Not-Obvious: Email, Smartphone, Cloud, Printer etc.
While Communicating
- Emails
- Uploads/Downloads
- LAN & Wi-Fi Transmission
- Online Meetings

11 DATA BREACHES
Unintentional – Human errors
- Transmitting to the wrong email address
- Poor passwords
- Device malfunction, or lost/stolen devices
Intentional
- Internal (rogue employees)
- External
  - Malware attack
  - Direct external breach – Less chances as not attractive targets

12 CONSEQUENCES OF DATA BREACH - 1
Cost to client
- Identity theft, IP leakage
- Compromised biometrics
- Financial damage
Cost to business
- Confidential details leaked
- Revenue loss
- Damage to trust and reputation of brand

13 CONSEQUENCES OF DATA BREACH - 2
What would follow -
- Ransom Demand
- Financial costs of data recovery, and notifications to protect interest of the clients
- Litigation
- Fines and Penalties

14 AN ENTERPRISE APPROACH TO CYBERSECURITY
KEY FACETS -
- Prevention
- Detection
- Remedy
- Reporting

15 HOW TO MITIGATE RISK?
- Prioritizing security when setting up systems
- Framework of tech policies and procedures
- Assuring physical security of data – staff, maintenance personnel, vendors, ex-employees
- Implementing hardware and software solutions – organizational buy-in
- Cyber Insurance

16 NETWORK SECURITY
- Strong firewall settings
- Strong password policies
- Using ‘PRO’ versions of software + regular updates
- Anti-malware software
- Managed access to network & storage
- Broadband and Wi-Fi access
- Application access control
- Data encryption in transit – Restrictions on data access in software applications

17 POLLING QUESTION 2
How is data breached?
- Wrong Email Address
- Poor Passwords
- Malware Attacks
- All of the above

18 HARDWARE SECURITY
- Ensuring server protection
- Secured Desktops
- Phase out obsolete hardware
- IT infrastructure management
- Ensured security measures from Internet of Things

19 SECURITY PERSPECTIVE OF MOBILE DEVICES
- Mobile Devices - Smartphones, tablets, laptops, USB drives
- Setting up Right IT infrastructure - Company owned or BYOD
- Data stored in Mobile Devices (e.g. )
- Mobile device management systems
- Rights policies and effective enforcement

20 REMOTE ACCESS AND CYBERSECURITY
- Desktop devices at homes and offices
- Hosted virtual desktops
- No DIY fixes
- No Starbucks
- Beware home Wi-Fi

21 CLOUD TECHNOLOGY
Utilizing the cloud technology
- Public
- Private
- Hybrid
Key points while using cloud technology
- Encrypt sensitive files stored in cloud
- Strict company policies
- Considerations for the Patriot Act Section 125 / European GDPR

22 EMAIL SECURITY
Email Security Facts
- Security is assured only before the email is sent; beyond that it is uncertain
- High vulnerability to human errors
- Need for encrypting message body and attachments
- Modest adoption of encryption on account of complexity
- 38% who do encrypt use manual encryption
- Study: 30% of business needs encryption
Email Security Recommendations
- Must not interfere with workflow
- Must maintain file format of encrypted attachments

23 CYBERSECURITY STARTS WITH PASSWORD SECURITY

24 PASSWORD STRATEGIES
Multiple Authentication
- Something you know – Password
- Something you possess – A token or a specific Smart Card
- Something you are – Biometrics such as thumb prints, Retina Eye verification
- An identification Password Screen Image
- Alternative authentication methods
- No Password Required
- Device access restricted within premises or Geo-Location
- Company policy for passwords and passphrases
- Password Management Tools
- Randomly generated passwords
- Add layer of authentication – Dual or multi-level security for higher sensitive data

25 POLLING QUESTION 3
Which Password Strategy is best?
No Multiple Authentication Easy to remember passwords Biometrics

26 PRACTICAL TIPS FOR SMALL FIRMS
- QuickBooks data file transfers – “Qbox” is one solution
- Recover lost QuickBooks admin password -
- Password Managers – LastPass; Dashlane
- Remote access software – Logmein; PCAnywhere; GoToMyPC
- Remote desktop connection – set up a dedicated IP address
- Sample Staff Technology Policy –
- Starbucks – use your phone hotspot instead of free Starbucks WiFi
- encryption - docNCRYPT

27 CYBER SECURITY - MUST DOs

28 CYBERSECURITY FOR SMALL FIRMS THE MUST DOs
- Educate yourself and your staff about Cybersecurity
- Company Tech Policy signed by all staff members
- Use strong logins and passwords
- Multiple authentication where possible
- Change passwords regularly
- Encrypt sensitive information
  - Disk drives and folders
  - Individual files
- Protect all devices against malware (even admin computers)
- Update your systems and software regularly
- Hire an expert
- Backup data daily; archive 4 weekly backups

29 CYBER SECURITY DON’TS

30 CYBERSECURITY FOR SMALL FIRMS THE MUST-NOT-DOs
- Don’t leave your device unattended in public places
- Don’t forget to lock your device when not at your desk
- Don’t trust – verify and ensure
  - Links
  - Software Programs
- Don’t write down passwords
- Don’t open emails and attachments from unknown sources
- Don’t plug in unauthorized devices to a work or personal computer
- Don’t use public WiFi; use your mobile phone hotspot if you have to
- Don’t provide your normal WiFi PW to guests; set up a guest PW instead

31 ‘Do It Yourself’ VS ‘IT EXPERT’ – A COMPARISON
- Cost
- Assurance
- Failure Risks
- Success ratio – Statistics for small firms
- Compliance
- Need of the changing times

32 PREPARING TEAM FOR THE CHALLENGE
- Training
- Testing
- Implementing policies
- encryption
- Strict policies and enforcement regarding mobile devices on premises
- Telephonic confirmation required for wire transfers
- Confirmation Text

33 SESSION OVERVIEW
- Cybersecurity – understanding and importance
- Data Security and relevance for Small Accounting Firms
- CPAs as targets
- Tech for small CPAs
- Data breach – Types and Consequences
- Enterprise Approach Towards Cybersecurity
- Framing the questions at hand
- Do’s and Do not’s
- DIY Vs. IT Expert a Comparison
- How to prepare your team for good cybersecurity

34 THANKS! DO YOU HAVE ANY QUESTIONS??? REACH ME -

