Small firms are big targets for hackers: Engage


While big cybersecurity events dominate the news — most recently the Colonial Pipeline and JBS breaches — cybercriminals are also targeting smaller businesses, and small to midsized accounting firms need to be aware of how to protect themselves.

Cybercriminals often use social engineering to get into systems. These phishing attacks can take the form of bogus emails from “colleagues” enticing users to pass along sensitive information or hand over passwords.

One of the most important things firms can do to avoid becoming the target of a breach is employee training, said Roman Kepczyk, director of firm technology strategy for Right Networks, during a session at the AICPA Engage 2021 conference this week in Las Vegas.

“What I see at firms when discussing these threats, sometimes, is partners and staff just roll their eyes — it’s led to what we call breach fatigue,” he said during his session at the conference. “And so what I encourage my firms to do is random pop-up training and sessions, which can be done with products like KnowBe4, a phishing testing company that does random spot testing and training on different cyber topics so awareness remains top of mind.”

The stresses, confusion and workplace changes related to the ongoing COVID-19 pandemic have naturally led to spikes in cybercrime, because companies and individuals are desperate, tired, and therefore easy to trick. Other high-spike times are holidays, like Christmas or Thanksgiving, for the same reasons.

Even though it seems simple, staying on top of the little things can make a significant difference to data safety at a firm, Kepczyk explained. Make sure staff don’t stick passwords onto their laptops, leave programs open on their computers, or leave office doors propped open, for example. He warned against stepping away from your screen even for a minute without locking it, recounting a case where firm staff got emails from the managing partner telling them not to come in the following week, which turned out to be a prank from someone who had come in after hours and noticed the managing partner’s computer had been left open.

“We also recommend that you reboot your computer daily,” he said. “At…
