How to Bolster Your Business’ Cyber Security

Even in the midst of National Cyber Security Awareness Month, there were many news stories about cyber attacks on both large and small businesses. For example, according to The HIPAA Journal, claims management software company Systema reported a data breach that exposed almost 1.5 million patient records including police injury reports, drug tests, Social Security numbers, and detailed notes from doctor visits. Similarly, the American Bankers Association reported a data breach involving email addresses and passwords used to register and make purchases on its site, affecting more than 6,000 users.

According to Symantec’s 2015 Internet Security Threat Report, there were 312 data breaches that exposed more than 348 million identities in 2014. Industries and sectors, such as health care, retail, education, and public companies, were impacted by a number of incidents. It seems businesses, no matter their size, are increasingly being targeted by cyber criminals.

My colleague and Kaufman Rossin’s director of information security, Jorge Rey, CISA, CISM, CGEIT, specializes in information security. He answered the following questions for small business owners looking to minimize their risks.

What types of cyber attacks can occur?

Although there are many ways companies’ data can be compromised, here are a few common types of cyber threats you should know about.

  • Social engineering: Phishing is one of the most common and efficient social engineering methods used by cyber criminals. These kinds of attacks trick victims into providing confidential data, such as passwords, Social Security numbers or account numbers.
  • Trojan Horse: A type of program that first appears to perform a legitimate function, but actually damages software during the process.
  • Malware: Software such as bots, viruses, rootkits and spyware, which is used to install programs on Internet-connected computers without the owner’s informed consent.
  • Business Identity Theft: This form of identity theft is more than just an information security breach; it involves actual impersonation of the business itself to gain access to financial information.
  • Personal Identity Theft: Criminals use many different techniques to steal personally identifiable information, which they can ultimately use to fake the identity of a victim to commit fraud or another crime. Tax-related identity theft, in which a victim’s Social Security number is used to file a false tax return claiming a fraudulent refund, is one of the most common schemes affecting individuals these days.

What are some ways to mitigate IT security risks?

Businesses can mitigate their IT risks by implementing an information security program, which includes policies and procedures related to cyber security. There are a few steps you can take to enhance the security of your computers and networks:

  • Installing and maintaining anti-virus and malware-detecting software and firewalls
  • Performing IT security evaluations periodically
  • Enhancing security protocols (e.g., two-factor authentication) that could help mitigate the risk of a data breach, especially for companies that work with banks and credit card processors

In addition, it is important that companies address one of their greatest vulnerabilities: their employees. With proper training, your employees can help defend your business against cyber threats.

How can I educate my employees about cyber security?

One of the best ways to increase your employees’ cyber security awareness is social engineering testing. A qualified consulting firm can help perform these tests, which involve sending phishing-like emails to targeted employees, allowing you to monitor the effectiveness of information security policies and procedures at your company. Employees who click on a fake link within the email are taken to a website with resources about phishing, and the test results are recorded and provided to management in a detailed report. Social engineering testing may be conducted quarterly or semi-annually.

Here are a few tips employees should consider to avoid falling victim to cyber attacks via email or a browser:

  • Resist the urge to click links in suspicious emails
  • Check the web address of a link or the sender’s email address before visiting any site
  • Search or visit websites directly instead of clicking links in emails
  • Be careful with email attachments
  • Check for signs of poor grammar, misspellings or poor image resolution of the logo

Any other cyber security tips for small businesses?

Watch this video to learn 10 tips that can help you protect your business from cyber attacks.

_____
Lisa Kahn Little, CPA, is an associate principal in the Entrepreneurial Services department of Kaufman Rossin, where she works with entrepreneurs, high-net-worth individuals and nonprofits. She is a certified QuickBooks ProAdvisor, a licensed Certified Public Accountant in the State of Florida, and a member of both the American Institute of Certified Public Accountants and Florida Institute of Certified Public Accountants. Lisa can be reached at lklittle@kaufmanrossin.com.


Lisa Kahn Little, CPA, is an Entrepreneurial Services Associate Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.