It’s happened to all of us. An email appears in your inbox urgently asking you to attend to an unpaid balance, confirm a password change, or wire money to an unfortunate friend who got mugged while vacationing overseas.
These messages are often riddled with typos, poor grammar, and far-fetched scenarios.
Easy to spot a mile away.
But it’s getting trickier.
Today’s cybercriminals are becoming highly sophisticated and attacks more complex. Armed with well-developed underground tools, even those without a technical background can easily carry out an attack.
And it’s big business.
Forget the stereotype of the stranger lurking in the darkness, cybercrime is now lucrative enough that criminal groups are able to operate as legitimate organizations. What’s their mission? Find the fastest, easiest, and most advanced way to inflict the greatest damage.
A Treasure-Trove of Data
We all hold a treasure-trove of data that hackers seek. Balance Point is no different. We continually take aggressive measures to protect our business and the businesses of the clients we serve. We’ve hired attorneys to closely examine our processes. We’re creating a vendor management policy that states exactly what we do and what we ask when vetting vendors. And we’ve hired a risk analysis consultant.
CPAs are faced with similar challenges. They are increasingly being targeted because of their direct access to sensitive information. This topic was a hot one during a recent meeting of our 2018 CPA Advisory Board. Comprised of four thought leaders in the accounting industry, the Balance Point CPA Advisory Board is a repeat initiative based on the success of our 2016 Board.
When the group met in May of 2018, they had plenty of personal stories to share about how they, and their clients, were preyed upon by cybercriminals. This prompted Pete Luciano, one of the founders of Balance Point to ask, “You’re in a position where not only do you have to protect yourself, but you have to advise your clients as well. Is that a conversation you are having?”
Mitchell Sharpe, a Founding Partner of SKC and Co., was the first to respond “First of all, I think it’s important to hire a good, outside technology company that supports you even if you have somebody internal. I suggest to our clients that they have someone come to conduct extensive testing of their security. Depending on the relationship, I will force the issue a bit. It sets a certain tone within our firm that ‘boy these guys are serious.’”
CPA Firm Sax takes it seriously too. Susan Reed, a Partner of the firm and Head of its Healthcare Practice, added “We just started a technology division where we’re going to assist our clients in assessing their cybersecurity risk.”
Thomas Angelo, a member of our 2016 Board and Managing Partner of Spire Group, recommended KnowB4, a security awareness program that trains employees and tests their gullibility by sending simulated emails. “You have to get down to the core. You see who clicked and say ‘wow,’ it’s time for training.”
Balance Point recently rolled out the program to our employees. It provided real insight into the hacker’s mind and what we need to do to protect ourselves and our clients. As a result, we’ve adopted tactics to ensure our safety from simple reminders to “Think Before You Click” to more extreme measures like disabling popular social media sites from office computers and migrating completely to cloud-based software. One final piece of advice: remain vigilant and stay one step ahead of the criminals.