Worrells risks mitigation experts explain the problem
It seems that we are constantly being bombarded with news of security breaches, which often involve customer and employee information being accessed by fraudsters and/or hackers. Terms such as “Heartbleed” and “in the wild zero-day” are the latest in a long list of headlines pertaining to cyber security breaches.
Recently we were advised not to use the Internet Explorer web browser until a fix could be found for a security flaw that has just come to light. This latest threat does not rely on unsuspecting users clicking on a link or opening a dubious attachment. Rather, by exploiting a remote code execution flaw, a fraudster may be able to sneak malware onto your computer by tricking Internet Explorer into launching executable code sent from outside your network.
Also this week, technology giant Apple discovered a hole in their Developer Centre system that allowed anyone to access employees' and developers' personal contact information. The developer who discovered the hole sent an email to the tip box explaining the flaw, and Apple quickly responded and patched the security hole.
When large corporations are struggling to ensure data security, it begs the question: How can smaller businesses possibly keep up?
The answer is far from simple; however, it is essential that resources are devoted to Information Technology Risk Management. Those accountants reading this article would know that APES 325 requires all practitioners to have a risk management framework that includes information technology. It is suggested that all businesses would be well served by reviewing their Information Technology systems and implementing appropriate risk management policies and procedures.
Whilst cyber security is daunting, there are many things that can be done that are not highly technical and are cost efficient. Data encryption is one of the tools available to everyone, and if your policy is to encrypt everything you will never have to worry about the files you did not encrypt. By using data encryption software you ensure that data stored in various media, including laptops, smartphones, USBs and in the cloud, is not easily accessed. Next to USB keys, mobile phones are the items most often misplaced, lost or stolen. From our smartphones we access confidential email, intranets and all sorts of sensitive documents and information, yet the majority are not using any form of encryption and do not have password protection enabled.
Whilst passwords and data encryption are two of the simplest ways to protect your data, it is also essential that time is taken to train employees on the basics of cyber security.
Knowing where the risks are goes a long way to preventing exposure, and education is the key. Make sure your staff are aware of the pitfalls of free Wi-Fi networks and the potential for people to eavesdrop on their activity whilst logged in at the local coffee shop or airport lounge. Ensure apps are only installed from trusted sources, and when apps request access to information, decide if it is necessary. For example, Google Maps will want to know your location to be able to provide you with directions; however, a calculator app should not require this information to function.
Fraudsters are constantly looking for new ways to make money and technology allows them access to a world of resources. You would not leave your office unattended and unlocked so take the time to ensure you don’t give the fraudsters electronic access.