Ken Pyle, a 15-year information technology (IT) veteran and Partner at DFDR Consulting, shows exactly how to protect your accounting firm from cyber attacks.
This is the first time the podcast has covered the topic. As IT keeps developing, technology is not the only thing that gets more sophisticated; cyber attacks do too. Ken works daily to protect accounting firms like yours.
In this episode of the Grow Your Firm Podcast, David Cristello and Ken Pyle cyber-chat about:
- The #1 vulnerability in your firm
- Steps to best protect your firm from cyber attacks
- Top attacks you will face as a firm
- LinkedIn – Ken Pyle
- DFDR Consulting – Ken’s firm
- Top Communication Apps for Accounting Firms (that are safe)
- How to Shift Your CPA Firm to Work in the 21st Century
The #1 vulnerability in your firm:
Ken Pyle, Partner at DFDR Consulting, has seen it all when it comes to viruses and attacks on accounting firms. DFDR Consulting is a cyber security and digital forensics IT firm.
Many accounting firms hire Ken's firm as an "outsourced" IT team. Ken sees that many firms don't want to worry about the IT side of the business, yet nowadays it is more critical than ever.
The other side of DFDR's business is digital forensics: when a breach occurs or data is compromised, they investigate what happened and remediate it.
“The #1 vulnerability with a firm no matter the size is the user-base.”
The actual people working with the data in the firm and your client’s information — they are the biggest threat to your firm. Obviously, you can’t hire robots, but you can put in best practices and strategies to combat cyber attacks.
Top ways you will be attacked:
The two most common attacks are similar in delivery but differ in outcome.
- PHISHING: You have probably seen phishing before. Most commonly it arrives by email. You get a message that looks like it comes from a real company, or from a well-known brand with a slightly disguised sender address or domain. The message asks you to click a link and enter information. The link usually leads to a fake login page that captures whatever you type, and it may also install malware that records your keystrokes. Either way, the attacker ends up with credentials and data they can use to steal information and money from you and your clients.
- CRYPTO ATTACKS (ransomware): Similar in delivery, this also usually starts with an email. The attacker has found your firm's contact details and sends a message, perhaps from the account of someone you know who already fell for the trick, asking you to open a shared Dropbox or Google Drive file. Once opened, the malware encrypts the files on your machine and on any network shares it can reach. Without clean backups, the only way to get the data back is to pay the attackers.
Ken sees doctors' offices, law offices and accounting firms getting hit hardest, because with ransomware the attackers can demand a large sum (Ken has heard of a $100,000 ransom) and these businesses have the money to pay.
Accounting firms typically hold client Social Security numbers, bank details and more.
Steps your team can take to protect your firm:
The first step is teaching your team the warning signs to watch for as they go about their day.
- Don't click on email links, EVEN IF YOU KNOW THE SENDER. If you are even 1% unsure about an email, phone the teammate or client who apparently sent it.
- Use a client portal for documents rather than email attachments. Anything you can keep out of email, the better.
- Double-check that your email is encrypted every time. This takes some additional setup, but it adds a layer of protection.
- Don't send passwords by email. Splitting confidential information across two emails doesn't stop attackers: if they have access to your mailbox, they see both.
A recurring problem Ken sees is a lax attitude toward employees having access to more of the firm's systems than their job requires.
It is common to grant a team member elevated access for a quick project and never revoke it. Remember, your own team is the biggest threat to your security.
Granting and revoking access takes administrative time for you or your CTO, but you cannot let team members keep more access than they need.
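The "slightly disguised" sender and the "click this link" lure described above can be checked mechanically before anyone phones a colleague. The script below is an added example written for this page, not code from the podcast or from DFDR Consulting. It assumes a hypothetical list of domains the firm legitimately corresponds with (KNOWN_DOMAINS) and a constructed sample message; it flags a display name that drops a brand the address does not belong to, sender and link domains that imitate a known domain (digit-for-letter swaps, one or two typos, or a brand name glued to extra words), and link text that shows one site while the link points at another.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this (hypothetical) firm legitimately corresponds with. A real
# deployment would build this list from the firm's own client and vendor records.
KNOWN_DOMAINS = {"example-cpa.com", "dropbox.com", "google.com", "irs.gov"}

# Digits attackers substitute for the letters they resemble (dropb0x, paypa1).
_DIGIT_SWAPS = str.maketrans("01357", "olest")


def normalize(domain):
    """Fold common look-alike tricks so 'dropb0x.com' compares equal to 'dropbox.com'."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(_DIGIT_SWAPS)


def registrable(host):
    """Crude 'registrable domain': the last two labels (no public-suffix list here)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-character typosquats like 'dropbx.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(host):
    """Return the known domain that `host` imitates, or None if it is known or unrelated."""
    dom = registrable(host)
    if dom in KNOWN_DOMAINS:
        return None
    nd = normalize(dom)
    for known in sorted(KNOWN_DOMAINS):
        nk = normalize(known)
        brand = re.escape(nk.split(".")[0])
        if nd == nk or edit_distance(nd, nk) <= 2 or re.search(rf"(^|[^a-z]){brand}([^a-z]|$)", nd):
            return known
    return None


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(display_name, sender_addr, html_body):
    """Return human-readable reasons this message deserves a phone call instead of a click."""
    findings = []
    sender_dom = registrable(sender_addr.rsplit("@", 1)[-1])
    # 1. The display name drops a brand that the sending address does not belong to.
    for known in sorted(KNOWN_DOMAINS):
        brand = known.split(".")[0]
        if re.search(rf"\b{re.escape(brand)}\b", display_name.lower()) and sender_dom != known:
            findings.append(f"display name mentions '{brand}' but mail is from @{sender_dom}")
    # 2. The sender domain imitates one the firm knows.
    hit = lookalike(sender_dom)
    if hit:
        findings.append(f"sender domain {sender_dom} looks like {hit}")
    # 3. Links: look-alike targets, and visible text that names a different site than the href.
    parser = _Links()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        hit = lookalike(host)
        if hit:
            findings.append(f"link to {host} looks like {hit}")
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append(f"link text shows {shown.group(1)} but points to {host}")
    return findings


# Constructed sample: a 'shared file' lure of the kind described above, not a real message.
SAMPLE_NAME = "Dropbox"
SAMPLE_ADDR = "no-reply@dropb0x-share.com"
SAMPLE_HTML = ('<p>A colleague shared "Q1 returns.zip" with you.</p>'
               '<a href="https://dropb0x-share.com/dl?id=1">https://www.dropbox.com/s/q1returns</a>')

if __name__ == "__main__":
    for reason in triage(SAMPLE_NAME, SAMPLE_ADDR, SAMPLE_HTML):
        print("-", reason)
```

The sample produces four findings (display name, sender domain, link target, link text), while a message from a known domain whose link points where its text says produces none. The registrable-domain logic is deliberately simple; a production filter would use a public-suffix list and the firm's real correspondent list, and none of this replaces the phone call when there is any doubt.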
The Power of the Right Passwords:
In the past you could get away with simple passwords. Now, password-cracking tools can recover short passwords in a matter of minutes.
Ken himself says he can crack any 10-character password in a matter of hours (how long it takes depends on how the target stores the password, but the lesson stands). Ten characters already counts as a lengthy password, and most people don't even use eight. Keeping your passwords in a file on your computer's hard drive can lead to problems too.
If you don't want anyone to see something very private, it is best not to put it on your work computer at all, and that includes your passwords.
THE BEST PASSWORDS GUIDE:
Ken recommends getting used to the idea of a 15-character password (yes, 15). Every extra character multiplies the number of guesses an attacker has to make, and at 15 characters brute-force guessing stops being practical.
A trick for remembering a password this long is to make it a phrase you already know. Rather than memorising a string of random letters and numbers, put together a sentence only you would know. Its strength comes from its length: a phrase of 25 letters has vastly more combinations than an 8-character jumble, yet for a human it is easy to recall. Avoid famous quotes, song lyrics and anything else that has been published, since cracking tools try those first.
An example: mycarisblackwithfourdoors
It sounds like an easy password, but for an attacker it is hard to crack.
Don't include personal information that is easy to look up, especially birth dates or ZIP codes.
Your password is your first line of defense against hackers, make it strong.
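To put numbers on the "10 characters in hours, 15 characters is the threshold" advice above, here is an added estimator written for this page; it is not from the podcast or from DFDR. It assumes two round-number guess rates (a throttled login form at 100 guesses per second and an attacker holding a stolen fast hash at 10 billion guesses per second) and a 7,776-word list for modelling passphrases; all three are assumptions chosen for illustration. It reports a password's entropy two ways: as if each character were random, and, for a passphrase, as if the attacker guessed whole words, which is the more honest bound for a sentence like the one above.

```python
import math

# Assumed guess rates (guesses per second), round numbers for illustration only.
ONLINE_RATE = 100.0      # throttled web login form
OFFLINE_RATE = 1e10      # stolen fast hash attacked on GPUs

# Assumed size of a word list an attacker might use to guess passphrases word by word.
WORDLIST_SIZE = 7776


def charset_size(password):
    """Size of the alphabet a brute-force attacker must cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation
    return size


def char_bits(password):
    """Entropy if every character were chosen uniformly from the password's alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def word_bits(n_words, wordlist=WORDLIST_SIZE):
    """Entropy if the attacker guesses whole words from a list instead of letters."""
    return n_words * math.log2(wordlist)


def seconds_to_crack(bits, rate):
    """Expected time to a hit: on average half the keyspace is searched first."""
    return 2 ** (bits - 1) / rate


def human(seconds):
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def estimate(password, n_words=None):
    """Entropy and crack-time estimates; with n_words, also the weaker word-level bound."""
    cb = char_bits(password)
    out = {
        "length": len(password),
        "char_bits": round(cb, 1),
        "offline": human(seconds_to_crack(cb, OFFLINE_RATE)),
        "online": human(seconds_to_crack(cb, ONLINE_RATE)),
    }
    if n_words:
        wb = word_bits(n_words)
        out["word_bits"] = round(wb, 1)
        out["offline_as_words"] = human(seconds_to_crack(wb, OFFLINE_RATE))
    return out


if __name__ == "__main__":
    for pw, words in (("qwertyuiop", None),                 # 10 lowercase letters
                      ("abcdefghijklmno", None),            # 15 lowercase letters
                      ("Tr0ub4dor&3", None),                # 11 mixed characters
                      ("mycarisblackwithfourdoors", 5)):    # the page's passphrase, 5 words
        print(pw, estimate(pw, words))
```

With these assumed rates, ten lowercase letters fall in about two hours offline, which matches the claim above, while fifteen lowercase letters take thousands of years. Counted as characters the example passphrase looks like 117 bits; counted as five words from a 7,776-word list it is about 65 bits, still decades at 10 billion guesses per second, but far less than the character count suggests, which is why a phrase built from a published sentence is weaker still.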
HR and the IT team need to be in constant communication, especially with hiring and firing.
Wells Fargo had 5,500 employees committing fraud because of a lack of policies and checkpoints, especially around which employees could be granted access to which systems.
Disgruntled employees are the group most likely to cause a security breach on your team, and often you don't know an employee is disgruntled until it is too late.
You must monitor sensitive actions and have policies behind them.
Most CPA firms don't have enough manpower on the IT side, and policies fall through the cracks because the IT team can't keep up with everything. The IT team should be given full authority over the firm's security so it can act as needed.
Ken sees too many firms give their IT team too little authority and then blame it when a breach occurs.
In this technological age you need to bolster your IT side. One bad click could expose your clients' data publicly, setting off a domino effect of penalties and repercussions for your firm. Protect your accounting firm from cyber attacks.
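The access creep described earlier (project access that is never revoked) and the HR-to-IT handoff around hiring and firing above both come down to one routine check: reconcile what HR says about people against what IT has actually provisioned. The script below is an added example for this page, not code from the podcast or from DFDR. It assumes a constructed HR roster, account list and grant list in the simple shapes shown, and reports accounts with no HR owner, leavers whose accounts are still enabled, grants still held by leavers, and temporary grants past their expiry date.

```python
from datetime import date

# Constructed sample data standing in for an HR export and an IT access inventory.
# None of it comes from the podcast or from DFDR Consulting.
HR_ROSTER = [
    {"id": "e100", "name": "Alice", "status": "active", "last_day": None},
    {"id": "e101", "name": "Bob", "status": "terminated", "last_day": date(2024, 3, 29)},
    {"id": "e102", "name": "Carol", "status": "active", "last_day": None},
]
ACCOUNTS = [
    {"user": "alice", "hr_id": "e100", "enabled": True},
    {"user": "bob", "hr_id": "e101", "enabled": True},      # left, but never disabled
    {"user": "carol", "hr_id": "e102", "enabled": True},
    {"user": "taxtemp", "hr_id": None, "enabled": True},    # nobody in HR owns it
]
GRANTS = [
    {"user": "alice", "role": "tax-system-admin", "expires": date(2024, 1, 15), "reason": "year-end close"},
    {"user": "bob", "role": "domain-admin", "expires": None, "reason": "standing"},
    {"user": "carol", "role": "client-portal", "expires": None, "reason": "standing"},
]


def reconcile(roster, accounts, grants, today):
    """Return (kind, user, detail) findings for accounts and grants that should not exist today."""
    people = {p["id"]: p for p in roster}
    leavers = set()
    findings = []
    for acct in accounts:
        person = people.get(acct["hr_id"])
        if person is None:
            # An account with no HR owner is the classic forgotten service or temp login.
            findings.append(("orphan_account", acct["user"], "no matching HR record"))
            continue
        if person["status"] != "active":
            leavers.add(acct["user"])
            if acct["enabled"]:
                days = (today - person["last_day"]).days
                findings.append(("leaver_still_enabled", acct["user"], f"left {days} days ago"))
    for g in grants:
        if g["user"] in leavers:
            findings.append(("leaver_holds_grant", g["user"], g["role"]))
        elif g["expires"] is not None and g["expires"] < today:
            # Project access that outlived the project it was granted for.
            overdue = (today - g["expires"]).days
            findings.append(("expired_grant", g["user"],
                             f"{g['role']} expired {overdue} days ago ({g['reason']})"))
    return findings


def audit(today_iso, roster=HR_ROSTER, accounts=ACCOUNTS, grants=GRANTS):
    """Run reconcile() for an ISO date against the sample data (or data you pass in)."""
    return reconcile(roster, accounts, grants, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for kind, user, detail in audit("2024-04-10"):
        print(f"{kind:22} {user:10} {detail}")
```

Run against the sample on 2024-04-10 it reports four items: Bob's enabled account twelve days after his last day, Bob's standing domain-admin grant, Alice's year-end admin role expired since January, and the ownerless "taxtemp" login. Running a check like this on a schedule, fed by a real HR export, is the policy and monitoring the passage above calls for; the grant list needs an expiry date recorded at the moment access is handed out, or there is nothing for the check to find.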
You can find Ken speaking at many tech and accounting conferences, spreading the word about protecting your company.