Just like so many other instances in life, sometimes IT security comes down to trusting your gut.
That’s one of the biggest lessons we took away from our session with Byron Patrick, CPA, CITP. He’s brilliant when it comes to keeping your business safe and secure from attempted security breaches, which are, of course, becoming ever more prevalent in today’s world.
“Seventy-five percent of data breaches occur because of the human element,” Byron said.
Whether you run a large business, or you’re just interested in internet security for your personal use, the same principles apply.
First, according to Byron, you’ve got to listen to your gut. If you get a suspicious email that you already feel like you need to forward on to the IT department to see if it’s a hacking attempt or something malicious, then you probably already know the answer! Go ahead and delete it.
Second, if something is trying to inspire urgency or fear when you read it, that’s likely a malicious attempt, too.
Sometimes, employees need a little practice in making these decisions — click or delete can maybe feel a little like “fight or flight,” so it’s all about honing that instinct.
“We do security tests where we send phishing emails to our clients and see who clicks,” Byron said. “We’re helping to teach them what to look for, and put the fear of God that they’re going to fail the test and get in trouble with the boss, which protects them. … The other benefit is it enrolls them in a short 5- to 10-minute training that they then have to complete because they failed the test.”
Plenty of these phishing attempts are getting more sophisticated as technology evolves. However, it’s not just your business you have to worry about: it’s also essential to think about IT security when you’re at home.
Who else owns some device — like an Amazon Alexa or a baby monitor — that hooks up to your home WiFi? These devices are incredibly popular, but unfortunately, we’re still not sure about how secure they are.
“There have been stories of crooks gaining unauthorized access to things such as baby monitors, watching the home, and learning the behaviors and activities, and they can figure out when the home is empty and go right in,” Byron said. “So that’s where you need to make sure that devices you’re putting on the WiFi network are segregated, isolated, and they require additional authentication. You want to make sure it requires additional authentication, passwords, or something.”
In this day and age, there are plenty of these conversations to be had: the risk vs. reward of convenience vs. giving up a certain level of security.
Byron also talked a lot about the benefits of running your business in the cloud, as long as you’re using extra authentication and protecting yourself against the human element of phishing attempts (training your employees to make sure they understand what *not* to click).
Cloud-based systems are enormous right now — this is where you don’t have to log in to multiple apps on your local computers. Instead, everything is browser-based, so your workforce can work outside of the office.
“Organizations are now adopting all of these browser-based applications,” Byron said. “They’re adding multiple logins to all their staff. They’ve got data all over the place. Also, talking about how to gain control of that browser-based computing platform for your business, and how to do it efficiently, effectively, and securely.”
So what are a few must-have apps that Byron suggests every CPA have to run their business?
- Some form of online accounting, whether this is QuickBooks or something else
- Zoom (for communication with remote employees)
- Office Lens (for taking photos and converting them into different file types, like a PDF or JPEG)
However, remember: The convenience of all these apps comes with an inherent risk. That’s why it’s essential to stay up to date on security risks. Above all, train your employees on how to minimize that risk and work safely and securely. That’s exactly what Byron encourages through his work.
“It is an ever-changing world,” he said. “And, you know, we’re trying to pivot and stay up to date to make sure that we can keep bringing that value to the industry and keep everybody relevant.”