Cyber Security and Your Business Systems
With cyber security a regular feature in the media at the moment, we look at what you can do to protect your business from theft and damage to hardware, software or information.
Breaches in cyber security can cause long term damage to your business, not only to data, systems and hardware but also to your business reputation, so it’s worthwhile to invest in good cyber security processes and systems.
Cyber Security threats
There are numerous threats to your business, including encryption, phishing, identity fraud, backdoor attacks and credit card fraud. ATB Chartered Accountants Director, Michael Mekhitarian discusses what these threats are…
Is when a virus type agent gets into your computer and locks up the data, so you can’t access it.
“So let’s imagine you’ve been infected with an encryption type virus… that would mean that you can’t read your data, you can’t see what information you’ve got on your system.”
“What they’ll do is ask you for money to un-encrypt your own data. And actually in recent news the US Government announced that North Korea sponsored the recent encryption virus, presumably to raise monies.”
This is where they go through your data, to look through your quotes and find your customer details so they can use the information against you commercially. You may lose clients and business.
Michael says “If they’ve got your sensitive information and commercial information, then they might be trying to use that against you, sell it to your competitors or use it themselves, so for example if you’ve done a quote or if you’ve got a client you’re working with they might come in and undercut you.“
Is probably one of the most common type of threat. This is where your details may be stolen and used illegally or fraudulently. So the criminals may be looking to find information stored on your computer, to use your identity, for example to get credit fraudulently.
“You’ve got to be very careful because you might be working for somebody or doing some work for somebody, and they could easily access and use your information.
“If they have information about your personal life; your passport, driver’s licence, tax file numbers and things like that, they might use that to create an identity and get a loan.”
These types of threats are when the criminal has access to your systems, they can access accounting, payment and customer details.
“For example, they may get into your computer system and alter bank details. So you think someone has been paid, but it’s actually been sent to the criminals instead. In effect the money has been stolen from you.”
Credit Card Fraud
This is another very common type of security threat. Credit Card fraud is when they obtain your credit card details so as to fraudulently use them to purchase goods or services.
“If they have your credit card information, then you might find some things appearing in your account that you didn’t spend money on.”
New Data Breach Legislation
New legislation on notifying data breaches is predicted to take effect by 23 February 2018.
“The government is now mandating that a business with a 3 million turnover, are required to notify all of their clients, if they have security breach.
“I’d imagine that it would be very uncomfortable to tell your clients that your data has been breached, that other people have got their information – so it is a big deal.”
What can you do?
There are several ways you can minimise the risk to your business, employees, clients and yourself. Be vigilant, use two-step factor authorisation, make sure you have firewalls, anti-virus software and update your software regularly and ensure you take the time to educate your team.
Michael gives you some tips on how to effectively minimise your risk…
1. Be vigilant!
“If you get an email that says you’re about to win $1million – think about it, do you know who it’s from, what are you trying to open?
2. Two-step factor authentication
“Some of the cloud-based software providers like Xero are using two-step factor authentication. You log in with your password, then it may send a randomly generated code to your mobile phone that you’re required to put in.
“If the software you are using has two-step factor authorisation, then you should use it and yes, it does take a little bit more time but it means that people won’t be accessing your Xero files or your data.”
3. Firewalls, Antivirus, Software updates
“Make sure that you’ve got your firewalls properly set up, that you’ve got your antivirus protection activated and your software programs are up to date. Work with your IT people or specialist, it’s very important that you have those things installed and working.”
4. Educate your team
“Talk to your team, talk to them about what the types of threats out there and what to do if they suspect anything. A short while ago there was an email coming through saying – You’ve got a speeding fine and asking for payment – so just be very aware, don’t open things from people you don’t know.”
5. Be Vigilant!
“Train your team to be vigilant, be vigilant, be vigilant, be vigilant. Just really watch out what comes through via email and what attachments you open up or what sites you click through to.
“ I can’t stress that one enough”
What we are doing at ATB
“We’re very mindful that we use cloud based programs – all accessed on the Internet. We’ve got a firewall, which prevents people accessing our data but it also blocks some of the websites considered dangerous, we’ve made sure that our antivirus protection is always up-to-date and it’s the best available and we talk to our IT support quite regularly. The other thing that we do is that we make sure we use two step factor authentication.“
Here are a few more ways that ATB are cyber aware…
1. Ready Secure
We are using a system called Ready Secure which sits on all our team members’ computers. The way this operates is that the keystrokes our team do to log into programs aren’t recorded – meaning the passwords of the various programs we use are protected and secure.
“Many of our clients know that we use a platform called Nimbus. This is a secure portal that our clients sign in to so we’re not posting information to clients, such as their tax returns, which can be stolen.”
“It also means we’re not emailing sensitive information. So when we give somebody a tax return in Nimbus, what they do is login and sign it so it’s not out there in cyberspace and then coming back. Nimbus has security levels as secure as banks which is as good as you can get.”
3. Team Training
“The other thing we do is we regularly talk to our team about some of the threats that are out there and we train them. The reason we do this is because we want them to talk to our clients and share with them what’s happening. So our clients are secure and aware too.”
We constantly look for better platforms or methods of securing data and we work in collaboration with our providers and Partners to get best practice and outcomes.
- Be vigilant, don’t open attachments if you don’t know where they are from
- Use two-step factor authorisations
- Secure your computer systems, put up firewalls, add virus protection and so on
- Educate your team
- Be Vigilant!
If you’re not sure your accounting systems are up to scratch, give ATB Partners a call, we can review your systems and make the best software recommendations to meet your needs.