Train Employees to Avoid Cybercrime

30 Jan 2017
MBA Site Administrator

In an era of hyper-connectedness and a burgeoning global cybercrime industry, you can’t afford to hope you’ll just be lucky and avoid a successful attack. It’s essential to establish policies and procedures to minimize risk and train employees on how to protect your company.

The basic kinds of criminal acts you need to guard against are:

  • Theft of proprietary or sensitive business data that could be sold to competitors or other hackers,
  • Installation of “ransomware” that locks you out of your own data until you pay the cybercriminals’ demands,
  • Malicious damage to your system, such as crashing your website to prevent customers from accessing it (often referred to as a “denial-of-service attack,” under which hackers overwhelm your site with data requests), and
  • Theft of employees’ personal information to eventually steal from them.

Internal Threats

Building a defensive strategy starts with recognizing that, even with the best technical external barriers in place, you could fall victim to an employee who goes rogue, or even joins your organization specifically with cybercrime as a goal.

While unlikely, it’s essential for your hiring managers to be mindful of these risks when reviewing employment applications — particularly those for positions that involve open access to sensitive company data. It’s just another checklist item when reviewing applicants with unusual employment histories. Checking references and conducting background checks is also a good idea.

In the same way, it’s generally advisable to include a statement in your employee handbook informing employees that their communications are stored in a backup system, and that you reserve the right to monitor and examine their company computers and emails (sent and received) on your system.

When such monitoring systems are in place, prudence or suspicious activity will dictate when they should be ramped up.

DHS Tips for Employees and IT Staff

It can also be useful to establish a policy encouraging employees to report any suspicious computer-based activities they observe around them. Of course, you don’t want to foster employee paranoia or promote the spread of baseless accusations. But deploying more eyes and ears can serve both to forestall cyber bad behavior and detect it, if it occurs.

The largest threat isn’t that employees may intentionally commit cybercrime, but that they might inadvertently open the door to external cybercriminals. That’s why the Department of Homeland Security (DHS) considers cybercrime serious enough to offer eight tips for employers to pass along to their employees:

1. Read and abide by the company’s Internet use policy.

2. Make passwords complex — use a combination of numbers, symbols, and letters (uppercase and lowercase).

3. Change passwords regularly (every 45 to 90 days).

4. Guard user names, passwords, or other computer or website access codes, even among coworkers.

5. Exercise caution when opening emails from unknown senders, and don’t open attachments or links from unverifiable sources.

6. Don’t install or connect any personal software or hardware to the organization’s network or hardware without permission from the IT department.

7. Make electronic and physical backups or copies of critical work.

8. Report all suspicious or unusual computer problems to the IT department.

Employees who follow these steps faithfully can serve as an additional layer of protection against cyberattacks.

For those people who are charged with the responsibility to maintain a secure system, the DHS offers the following advice:

  • Implement a layered defense strategy that includes technical, organizational and operational controls,
  • Establish clear policies and procedures for employee use of the organization’s information technologies,
  • Coordinate cyberincident response planning with existing disaster recovery and business continuity plans across the organization,
  • Implement technical defenses, such as firewalls, intrusion detection systems and Internet content filtering,
  • Update the existing anti-virus software often,
  • Follow organizational guidelines and security regulations,
  • Regularly download vendor security patches for all software,
  • Change the manufacturer’s default passwords on all software,
  • Encrypt data and use two-factor authentication where possible,
  • If a wireless network is used, make sure that it’s secure, and
  • Monitor, log and analyze successful and attempted intrusions to the company’s systems and networks.

Cybercrime Insurance

What else can be done? It’s often a good idea for businesses to protect their computer systems further by buying cybercrime insurance. Alone, this won’t prevent victimization, but it can offset some of the financial damage in case of a successful attack.

In addition, most insurers perform a rigorous risk assessment before issuing a policy and setting premiums. The results of such an assessment can be quite eye-opening for business owners.

If you decide against buying insurance, it might be useful to have a consultant conduct a cybercrime exposure risk assessment anyway. The growth, ubiquity and high cost of cybercrime have spawned a large industry of cybersecurity consulting firms. And, unless your company already has a robust IT staff with expertise in cyber-risk mitigation, you’ll likely save time and money engaging a third-party vendor.

About the Author
McClanathan, Burg & Associates, LLC is a full-service accounting firm. Our team members provide services including Tax, Audit, Assurance and Accounting, Estate and Trust, Forensic Accounting, Litigation Support and Business Valuation.

© 2014 McClanathan, Burg & Associates, LLC | Website Design by ThinkTankConnect.com
