Given the recent ransomware attacks, financial technology expert Joel Bruckenstein interviews cybersecurity expert Brian Edelman. In this podcast from the AICPA PFP Division, they discuss:
- What exactly is ransomware
- Scope of the recent global ransomware attack, which is the largest in history, and how likely it is
- Which operating systems are the most and least vulnerable
- How vulnerable CPAs and financial advisers are to this sort of ransomware attack and why
- Signs your systems may be infected with malware (not just ransomware) and what to do if your computer is acting in an unusual way
- What can you do to protect yourself and what to do if your impacted by a ransomware attack, including actionable takeaways
Although one size does not fit all, here’s our recommended security checklist for your business network.
| SYSTEM SECURITY CHECKLIST | Complete |
| 1. Encrypt all hard drives on all machines with confidential data |
|
| 2. Turn off systems at night, weekends and vacation (n/a-servers) |
|
| 3. Reboot computers as you leave for appointments & lunch, logging back in when you return |
|
| 4. Require passwords to access the start screen on all smart phones, tablets and laptops |
|
| 5. Establish a password with 8 characters of letters, numbers and wildcard character, memorize it and do not share it; and utilize DashLane password software |
|
| 6. Install and update an antivirus/anti-phishing and firewall security suite program on all systems (We use & recommend BitDefender) |
|
| 7. Implement physical security standards: power down systems when leaving, locking up portable devices, securing server rooms |
|
| 8. Implement a “no-click” policy on email links |
|
| 9. Restrict remote access to data by all owners and employees, implementing a written office-wide policy and VPNs rather than remote log-in software |
|
| 10. Change default passwords and addresses on all devices including routers, computers, tablets, smart phones and software |
|
| 11. Practice invisible client interviews: clean desks, files locked away, and computers turned off; or perform all interviews in conference rooms without computer system access. Never allow a client unaccompanied in any room with a computer or file |
|
| 12. Establish written standards for work-at-home situations requiring secure rooms, no-access to computer policy except by staff, system shut down at all times when absent. See TaxSpeaker® Telecommuting policy |
|
| 13. Perform employee background checks similar to banking institutions |
|
| 14. Redact all client SSN’s, firm EFIN & personal PTIN on all documents |
|
| 15. Never provide a client or outsider with Wi-Fi access in your office |
|
| 16. Never, ever use public Wi-Fi including planes, airports, restaurants unless through a secure VPN or using encrypted email |
|
| 17. Accept client data only by portal upload, physical visit or surface delivery |
|
| 18. External mail boxes and drop off areas must be locked and secure |
|
| 19. Change Wi-Fi and all logins upon dismissal, retirement or job change of an employee |
|
| 20. Implement, educate and enforce a company-wide computer/internet use policy. |
David Conley
David is a partner at Smith, Conley & Associates, PC. In addition to writing and tax consulting, he is active in the pro-life community serving as President of the Fayette County Right to Life chapter of Georgia Right to Life.
He is also a founding Board Member and Finance Director of the Fayette Pregnancy Resource Center and serves on the Board of the National Equal Rights Institute.
He is also a founding Board Member and Finance Director of the Fayette Pregnancy Resource Center and serves on the Board of the National Equal Rights Institute.
