The increase in cybercrime in the past several years shows no signs of abating, and as more of our business and personal lives are online the potential for compromise of financial accounts, email, and company data keeps growing. Our vulnerability is compounded by the increasing sophistication and resources of cyber criminals.
In the workplace, business email is the entry point for the majority of cybercrime, and good password practices are vital to protecting company data.
PASSWORD SAFETY
Central in the effort to protect company data from attack is a strong password policy. Employees should receive training in how to devise good passwords – and how not to.
What not to use:
- Child’s first name and birth date
- Pet’s name
- Past and present street addresses
- Name of your spouse
- Wedding date
- Your birthday or family member’s birthdays
These are all bad choices for passwords, as they are too closely related to data that may be found online about you and could make your accounts more vulnerable to hacking.
What to use:
- Combination of uppercase and lowercase letters
- Use at least eight characters, the longer the better – We recommend at least 12 characters
- Abbreviated phrases – We recommend using passphrases
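The two lists above can be enforced when a password is set. The following is an added example, not part of the original article: a Python check for the 12-character recommendation, mixed case, and any fragment of the user's known personal data. The function names, the look-alike substitution table and the sample profile are assumptions made for illustration.

```python
import re
from datetime import date

MIN_LENGTH = 12  # the article's recommended minimum
# Undo common look-alike substitutions so "M@x" still matches "max".
LEET = str.maketrans("@430!1$5", "aaeoiiss")

def date_fragments(d):
    """Digit strings people commonly build from a birthday or wedding date."""
    y, yy = f"{d.year}", f"{d.year % 100:02d}"
    m, dd = f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + yy, dd + m + yy,
            m + dd + y, dd + m + y, y + m + dd}

def personal_tokens(names=(), dates=(), addresses=()):
    """Lowercase fragments of personal data that a password must not contain."""
    tokens = set()
    for text in [*names, *addresses]:
        # Split "42 Maple Street" into words; skip fragments under 3 characters.
        tokens.update(w for w in re.findall(r"[a-z]+|\d+", text.lower())
                      if len(w) >= 3)
    for d in dates:
        tokens.update(date_fragments(d))
    return tokens

def check_password(password, tokens):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case")
    lowered = password.lower()
    folded = lowered.translate(LEET)
    hits = sorted(t for t in tokens if t in lowered or t in folded)
    if hits:
        problems.append("contains personal data: " + ", ".join(hits))
    return problems

# Constructed sample profile: pet and child names, a birth date, a past address.
SAMPLE = personal_tokens(names=["Bella", "Max"], dates=[date(2014, 6, 3)],
                         addresses=["42 Maple Street"])

if __name__ == "__main__":
    for pw in ["Bella0603", "M@xTheDog2014!", "Copper-Kettle-Sings-At-Dawn"]:
        print(pw, "->", check_password(pw, SAMPLE) or "ok")
```

Substring matching is deliberately strict, so a short name such as "Max" will also flag unrelated words like "maximum"; for this list of banned choices a false rejection costs less than a miss.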
PHISHING EMAILS
Phishing emails lead the way as points of entry for cyber criminals. Phishing emails are emails that typically appear to come from someone you know, or from another company that you do business with, perhaps a vendor. Often, they use the logo of the company, and may even appear to come from someone inside that company with whom you regularly communicate. How do they know who you regularly email? They may already have access to your email account because they guessed your password and they’ve been monitoring your emails.
A phishing email may try to gain access to your company’s server or financial accounts by posing an “urgent” problem prompting you to change passwords or make a quick payment by credit card. Or it may contain a link that, if clicked on, gains access to your company’s network.
RANSOMWARE
Emails also can expose businesses to ransomware, malicious programs that can infect computers by prompting a victim to click on a link which then allows the ransomware to attach itself to the computer and infect the company’s server.
Ransomware is exactly what the name implies – it locks up the company’s data, enabling the cyber criminals to hold the data hostage and demand a “ransom” payment in return for releasing it.
Some victimized companies pay the ransom; however, there is no guarantee the cyber criminals will decrypt the data. Others ensure their data is backed up frequently enough so that if it were encrypted, they could decline to pay ransom and simply recover the data from the most recent backup.
DOES CYBERCRIME IMPACT BUSINESSES IN OHIO?
In the recent Manufacturing Advocacy and Growth Network (MAGNET) survey of Ohio manufacturers, 52 percent of respondents reported their businesses had been the targets of phishing schemes, 35 percent said cybercrime had impacted their operations, and 22 percent had their data locked by hackers. Accordingly, a majority of companies – 65 percent – said they have implemented some risk awareness training for their employees, with most of them bringing in an outside cybersecurity firm for its expertise. Yet only 31 percent reported that they perform phishing exercises, breach attempts, or penetration testing as part of their cybersecurity efforts.
HOW TO PROTECT DATA: TACTICS AND SOLUTIONS
To protect your company’s data from cybercrime, at minimum take the following measures:
- Back up your data as frequently as necessary to minimize the damage if it is compromised. This could be once every 24 hours. It could be once every hour. Consider how rapidly your company’s data changes – based on the size of your company, number of employees inputting data on a daily or hourly basis, and your marketplace – and devise a backup and recovery plan that would enable you to be back up and running as quickly as you need.
- Be sure that your computer system is patched at least monthly. Patching means to fix security vulnerabilities or improve the operation of your system by fixing bugs. Patching must be done regularly; it’s not one and done.
- Require vendors to show evidence of good cyber security practices. The major breach that Target stores experienced several years ago started with a vendor whose system was breached.
- Train your employees to recognize the types of cybercrime that may compromise them, both in the workplace and personally. Include examples of phishing emails and descriptions of how passwords can be hacked.
- Require employees to create safe passwords on all business-related accounts and give them examples of safe passwords so they understand what is needed. Passwords should be at least 12 characters.
- Train employees not to use USB drives (“thumb drives” or “jump drives”) that come from a third party until your IT department has judged them safe. Such drives often are picked up at trade shows.
- Use multi-factor authentication on all business-related accounts, if possible. Multi-factor authentication requires two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token or smartphone app; and what the user is, such as a biometric verification (fingerprint or retina scan).
- Advise employees not to access password-protected accounts on mobile devices using public Wi-Fi unless they use a VPN, a virtual private network that encrypts your data and communications.
WHO ARE CYBER CRIMINALS?
The old notion of cyber criminals being “lone wolves” sitting in a dark room and wreaking havoc on any computers they can gain access to is a bit passé.
Today, cyber criminals run the gamut from the lone wolves to crime rings that steal personal and financial information to sell on the black market, as well as spies from foreign governments looking for ways to launch cyber strikes.
One thing is certain – cyber criminals are becoming more sophisticated, more numerous, and more threatening. And most companies are more reactive in dealing with cyber threats than proactive.
ADDRESS CYBERSECURITY RISKS TO PROTECT YOUR BUSINESS
The IT consultants at Barnes Wendling CPAs can analyze your company’s IT environment, assess your security, and create a plan to mitigate risk and protect your business from cybersecurity attacks.
If you are concerned about your company’s vulnerability to cybercrime, contact our cybersecurity team for a consultation.