CYBERSECURITY: A COMPREHENSIVE APPROACH By ANTHONY MONGELUZO PCS
Cybersecurity has been linked to computer use from the first day hackers made an appearance. The coronavirus pandemic has changed the thread of the security conversation like never before.
10
SUMMER 2021 | NEW JERSEY CPA
Though remote computing has existed for decades, what was essentially a trickle of workforce participation has turned into a waterfall. With a large workforce operating outside the traditional office, it’s worth reviewing cybersecurity issues from outside the office walls before turning inward. HAVE COMPUTER, WILL TRAVEL? Not quite. This is an unexpected issue that my accounting clients and others ask. How safe is our data with staff working from home? If a team member uses their own computer and connects to your network, it presents a plethora of security issues. It dramatically increases the possibility that their device is the attic door to someone hacking your business. Here is a simple analogy: If you are circumspect about your home security and allow a dog walker, house cleaner or neighbor to have entree, an intruder only has to obtain the key or combination from any of these people to enter. The same principle applies to an employee entering your system with their own computer. You cannot know the quality of safeguards on each staffer’s personal computer and whether it is equal to what you use on the office’s network. The choice is yours. You can accept the risk and reach for your prayer beads, hoping for the best. Allowing staff to use their devices creates problems of uniformity and security. Each individual computer could have a different security configuration. Also, you face the possibility that a wide variety of technical issues will arise that your IT person will have to confront. Think of a mechanic and your Audi. Do you want the guy who works on Audis every day or the one who sees one Audi per month?
One way to solve the issue is to make the investment and provide all your employees with a company laptop (or yes, even desktop) which is explicitly configured with your safeguards in place. You add uniformity to the security issue and stunt possible technical issues. Another benefit is that you eliminate downtime. Don’t assume there’s a computer for everyone in a household. If you need that report by 6:00 and your staffer has a high schooler who needs to log in for the advanced placement test, the last thing you need is conflict over who gets to use the computer. And a smartphone is not always the obvious answer. If an employee uses a company computer, you can configure it the way your IT person or consultant suggests, ensuring that everyone is on the same page with capability and security issues, including monitoring how a staffer uses it. According to the Ponemon Institute’s 2018 State of Cybersecurity in Small and Medium Size Businesses study, “Mobile devices are the most vulnerable endpoints or entry points to networks and enterprise systems, according to 55 percent of respondents. Almost half (49 percent) of respondents say the use of mobile devices to access business-critical applications and IT infrastructure affects their companies’ security posture.” CYBERSECURITY ACTION PLAN The following tried-and-true tactics can bolster your company’s security: y Perform proper backups. I still see businesses (yes, even accounting firms) that regularly fail to back up their data. I’ve covered this before: offsite, onsite and DON’T keep the hard copy at the office (flood, fire, burglary). This trident security approach will provide the backup you need. y Segment access. Who has access to client data? This can be touchy. It begins by encrypting your drive, resulting in only allowing some employees to have access. If you have a more extensive accounting practice, it is almost mandatory that you segment access according to a need-to-know formula.
