It looks like javascript is disabled. In order to use this site, you must have javascript enabled.
After enabling javascript, please click here or reload the page.
Flaws in your data system
create much havoc.
Cyber Security — Risk Is In Your Future
Misfortune Cookie, Poodle, Shellshock,
Heartbleed, and Freak. These are not the
names of rock bands but instead are the
names used to identify recent computer
vulnerabilities to which millions of computer
users are exposed.
Misfortune Cookie refers to a recently
discovered flaw present in an estimated
12 million routers in homes, small businesses
and corporate environments,
some of which have been in place for
years. The vulnerability could allow a
remote attacker to take control of the
device and subsequently steal credentials,
personal or business data, and/or
infect any system on your network with
malware. A vendor-supplied update or
patch is necessary to eliminate the risk.
When was the last time your home or
small office router was updated? As a
CPA, not a technology professional, is it
very unlikely that you know the answer
to that. You may be confident that your
organization is secure because you have
a top-notch ‘IT guy’ and your systems
work on a daily basis, but does that person
have sufficient time to focus on IT
security? Is security an ongoing priority
for the IT Department or the contracted
support personnel?
Persons working in IT serve as ‘firefighters’,
going from one blazing issue to
the next. It reminds me of the whack-amole
game at the fair. Too often, there
are more outstanding support and
implementation issues than resources
within the IT area, so security gets put
on the back burner. Not to mention that
new vulnerabilities are reported and
breaches exposed on a daily basis, so
keeping up is quite difficult.
So the real question is if someone
knows the answer to when the router
was last updated. Is the task of monitoring
each and every piece of hardware
and software in use to ensure that it is
up to date part of someone’s job responsibilities?
This is one of a multitude of
About the Author
Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and
CGMA to assist financial institutions, hospitals, CPA firms and their
clients in implementing measures to secure data and manage risks.
She is president of Traina & Associates, an IT security audit firm
that has been honored three times as a member of the LSU 100
list of the top 100 fastest growing Tiger-led businesses. In 2013,
Lisa served as President of the Society of Louisiana CPA’s, only the
fourth woman in the organization’s 102-year history to hold its top
elected position.
Truth. Strength. Fortitude.
15
By Lisa Traina CPA, CITP, CGMA
“It reminds me of the whack-a-mole game at the fair.
Too often, there are more outstanding
support and implementation issues
than resources within
the IT area, so
security gets
put on the
back burner.”
tasks necessary to maintain a secure IT
environment.
The cyber risks are so great these days
that management must get involved to
ensure that appropriate mitigation strategies
are in place. We all know the first
step to treating addiction is admitting
there is a problem. Similarly, the first
step toward cyber security is acknowledging
that you are at risk.
Sure, you may know the Target CEO
lost his job because of the breach, but
that was at a huge company and that
could never happen to you, right? Of
course it could! No matter how large or
small your organization is, every organization
and individual is at risk of a
breach incident. The examples of the
$1.5 million heist against a California
escrow firm that forced the company to
close and lay off the entire staff, or the
New York marketing agency forced to
merge because of a Corporate Account
Takeover loss may hit closer to home.
Without knowledge of the risks and
security environment and employee
training, CPAs remain extremely vulnerable.
It is imperative that CPAs in all
organizations — no matter how large
or small — begin to have a proactive
approach to ensuring data security.
That approach must include a few
basic things:
1) maintaining some knowledge
of current cyber security issues,
2) mandatory information security
training for all employees,
3) strong IT controls,
4) updating of all systems at all
times, and
5) periodic assessments of the
organization’s AND its vendors’
security.
Your company’s most important senior
executives — your C suite — has to take
more ownership of this major risk area
starting now! v
Right click(Command + click) your mouse on the magazine pages to pop up a Quick Menu of the most used reader features:
To open up additional features, hover over or click on the arrow on the left. You can pin this pull-out menu to have it remain visible (or close by clicking on the push pin ). Included in this tab:
A: Our print feature relies on your web browser's print functionality - and how that browser communicates with your specific printer. If you note that pages are getting cut off, or you are having other issues when printing, it is likely that you need to adjust your printer's settings to scale to fit page.
Alternatively, if there is a PDF Download option available you can download the PDF first and then print using Adobe Acrobat Reader’s print feature. There are known issues in printing fom Internet Explorer 7, so if you are using this browser, you may wish to try a different one. If you are able to print from your browser normally but are having issues specifically with printing pages from the magazine, then please contact technical support.
Thank you for sampling the digital edition of Lagniappe To continue reading this issue, you must be a subscriber.
If you are a subscriber, you must log-in before you can continue viewing the digital edition.
Click here to log-in
If you are not yet a subscriber:
Click here to join.