Cybersecurity experts often refer to the 10/90 rule. The rule suggests that 10% of cybersecurity is reliant upon technology such as firewalls, anti-virus software and related tools. 90% of cybersecurity is up to the users. This past September (2017), the IRS released they were receiving reports of data breaches with tax professionals at the rate of three to five per week. A level they stated requires immediate attention.
Making daily security a part of the job that is easy to do and laborless, through education, is the intent of this series.
Data security in any business is only as strong as the least-informed employee. Additionally, security awareness must extend beyond the office and into homes. Many small businesses have employees who work from home or use their own technology devices for business. If that employee does not have a solid grasp of policies for cyber security, they could be putting the entire business at risk.
Businesses should conduct on-going education of office staff to combat daily threats, including spear phishing emails, identity theft of the business, ransomware attacks, account takeovers, business e-mail compromises, and remote takeovers. The education need not be formal classroom style or even in depth on fighting cybersecurity threats on grand scales, but should instead focus on recognizing a threat when seen.
- Spear Phishing E-Mail Avoidance
- Account Takeover Tactics
- Data Breaches and Business Identity Theft
- Ransomware Defense
- Remote Access Takeover Threats
- W-2 E-Mail Scams
- Protecting Service Accounts
- Protecting Client Businesses
- Data Security an Every Day Priority
- Recovery from an Attack or Breach
“We continue to see new and evolving threats involving data breaches, intrusions and various takeovers that put people’s personal information at risk,” said John Koskinen, IRS Commissioner. “These efforts are increasingly targeting tax professionals and businesses with tax information. Too many still overlook basic security steps needed to protect their data. As part of this, we urge the tax professional community: Beware your inbox. Don’t take the bait from these phishing scams.”
“We’ve been warning tax professionals that they are increasingly the targets of national and international cybercriminal rings. These syndicates are well-funded, knowledgeable and creative. It’s going to take all of us working together to combat these identity thieves,” Koskinen said. “But doing nothing or making a minimal effort is no longer an option. Anyone who handles taxpayer information has a legal responsibility to protect it.”
As shown in recent breaches, those who possessed the data are being held accountable for protecting it. As a small business owner, it’s time to do more than just the minimum to ‘make an effort’. It is time to take serious steps on your security and protection of your clients. And that starts with educating yourself and your employees.
Below is a newsletter sign-up form. We will be publishing this 10-part CyberSecurity series on our newsletter. Sign up for it, today.