Please read the following discussion and write a reply:
A virus, worm, trojanware, ransomware, adware, and spyware are all types of malware that can significantly impact a company, its data, customers, and even its employees. Malware has the ability to steal, delete, alter of hijack computer functions, as well as monitor activities without user knowledge. One of the more common types is Phishing, where a link is sent via email to employees, who believe it to be genuine and click on a link or enter personal information, such as a password, and thus infect their devices.
Cybersecurity affects everyone, and I don’t think that it should be just up to accountants to be “leading the charge”. It is impossible to fully guarantee the safety and security of a business’s crucial information, and like everything else, awareness and education is the most effective tool to have. As technology is constantly changing, businesses are able to update their technology for a more efficient and effective way. With new technology, comes larger cybersecurity risks, and companies can only do so much to train their employees about the dangers of security. I believe that the onus is on all employees to protect the business form these attacks.
As an accountant, it is your duty and obligation to keep your client and/or company’s data private and secure. There are several ways to do so, with the first step being diligence and mindfulness. Another step that accountants can take for protection is relating to email. Accountants should be aware of what phishing emails look like and now what is legitimate and what isn’t. They can also use two-factor authentication, as well as using encrypted emails. When using encrypted emails, this can benefit the client and/or business greatly, that way the information attached, such as SIN, are secure.
Proper internet security, wireless security, data security and remote access are also aspects for accountants to consider. There are large number of workers who work from home, or travel for work so ensuring secure remote access is essential. Work should not be done unless there is a secure VPN, otherwise hackers are almost guaranteed to access the sensitive information on devices used. If you are to use a USB for data transferring or sharing, make sure that there is encryption, that way if it falls in the wrong hands, the data is secure.
There are many preventative measures to protect company data from hackers, but unfortunately an attack can still occur. Therefore, proper backup of work and data is essential. Daily backups can be beneficial or have documents saved to offsite servers. Backups should be done not only for in the event of a cyber attack, but if there is a computer crash or something were to happen.
I am still relatively new at my company, and unaware of any breach or hacking attempt. However, I can speak to the efforts they put forward to try to mitigate the risks of it occurring. The cybersecurity team is big on educating employees about the dangers of phishing. |Every month or so, they send out an email from an external source to bait employees, just like a real phishing email, to see if employees will click on the bait or not. If the employee falls for it, a message pops up immediately stating that they have been phished and need to complete two mandatory modules on cyber security relating to phishing.
It is very important that individuals keep upto date with cybersecurity, because as technology progresses, hackers and fraudsters come up with new ways to infiltrate and obtain information. Although it is impossible to be fully protected against these attacks, there are many steps that can be taken as precautions, whereas proper education and awareness is the first step in mitigating these attacks.