Ken Pyle, a 15-year vet in Information Technology (IT) and Partner at DFDR Consulting, can show you exactly how to protect your accounting firm from cyber attacks. This is the first time the topic has been touched on in the podcast. As IT continues to develop and grow, tech isn’t the only thing that gets more sophisticated --- cyber attacks do as well. Ken works daily to protect accounting firms like yours. In this episode of Grow Your Firm Podcast, David Cristello and Ken Pyle cyber-chat about:
- The #1 vulnerability in your firm
- Steps to best protect your firm from cyber attacks
- Top attacks you will face as a firm
- LinkedIn - Ken Pyle
- DFDR Consulting - Ken’s firm
- Top Communication Apps for Accounting Firms (that are safe)
- How to Shift Your CPA Firm to Work in the 21st Century
- PHISHING: You might’ve seen phishing in the past. Most commonly, it is done through email. You’ll get a message from what looks like a real company (or even from what looks like a well-known company --- but slightly disguised). The message will ask you to click a link and enter information. Right when the link is clicked, malware picks up your keystrokes and information and can use them to try to steal information and money from you.
- CRYPTO ATTACKS: Similar in nature, you will most likely get an email from the attacker. The attacker has found your firm’s information and sends a message, perhaps from someone you know who already fell for the trick, asking you to download a Dropbox or Google Drive folder, etc. After you download it, malware infects your whole hard drive. The only way to get back in is by paying the hackers.
- Don’t click on email links EVEN IF YOU KNOW THE PERSON --- if you’re even 1% unsure about an email, give your teammate a call.
- Use a portal for client documents rather than attaching them to emails. The more you can keep out of email, the better.
- Double-check that your emails are encrypted every time. This requires additional security layering, but it provides that extra layer of protection.
- Don’t send passwords through email. Sending two emails for confidential information doesn’t stop hackers: if they have access to your email, they will see both emails.
The Power of the Right Passwords: In the past, you could get away with simple passwords. Now, intrusive algorithms can crack short passwords in a matter of minutes. Ken himself could crack any 10-digit password in a matter of hours. 10 digits is already a lengthy password, and most don’t even have an 8-digit password. Keeping passwords on your central hard drive can lead to issues. If you don’t want anyone to see something very private, it’s best not to even put it on your work computer (including your passwords).
THE BEST PASSWORDS GUIDE: Ken recommends getting used to the idea of a 15-digit password (yes, 15). A 15-digit password is the threshold at which algorithms have the most difficulty breaking in. A trick for remembering a password this long is to make it a phrase you would know. Rather than trying to remember a lot of random letters and numbers, simply put together a sentence only you would know. Computers have trouble untangling a group of words together, but for a human, it’s simple. An example --- mycarisblackwithfourdoors. It sounds like an easy password, but for a hacker, this is difficult to crack. Don’t include personal information that is easy to find (especially birth-dates or zip codes). Your password is your first line of defense against hackers, so make it strong.
Your policies: HR and the IT team need to be in constant communication, especially with hiring and firing. Wells Fargo had 5,500 employees committing fraud due to the lack of policies and checkpoints in place, especially when it came to which employees could be granted access to certain areas. Disgruntled employees are the most likely group to cause security breaches on your team. Many times, you may not know an employee is disgruntled until it is too late. You must monitor and have policies behind certain actions.
Most CPA firms don’t have enough manpower on the IT side, and policies fall through the cracks because the IT team can’t keep up with everything. The IT team should be given full power over the security of the firm so that it can take action as needed. Ken sees too many firms not giving their IT team enough power, and then the team is blamed when a breach occurs.
In this technological age, you need to bolster your IT side. One bad click could cause your client’s data to be publicly known. This could lead to a domino effect where your firm is exposed to massive penalties and repercussions. Protect your accounting firm from cyber attacks.
You can find Ken speaking at many tech and accounting conferences, spreading the word about protecting your company.