Many Los Angeles Certified Public Accountants (CPAs) practice diligence when it comes to personal security. They lock their doors, install smoke alarms and carbon monoxide detectors in their homes, and may even have a security system installed. However, their IT security practices don’t always mirror that same level of caution. In fact, the average American’s lack of cybersecurity knowledge should scare you.
This article will address three of the top IT security mistakes made by LA CPAs and will provide solutions you can easily implement.
1. Using Easy-to-Crack Passwords
Having a strong, secure password is integral to keeping your information secure. However, according to research by the Pew Research Center, 69% of U.S. online adults do not view password security as a real concern.
This may be a throwback to when users thought that passwords were a foolproof security method. Or, it may be laziness. Either way, after hundreds of successful cyber attacks each year, CPAs and other business owners begin to realize their poor choice of passwords. However, it still may not be enough to get them to improve their password selection strategy. Even financial services companies with strong IT policies can fall prey to cyber criminals through bad password choices.
Some of the most common IT security mistakes when it comes to password creation include using details that can easily be discovered through your social media profiles. This kind of information includes:
- Birth year or date;
- Oldest or youngest child’s name;
- Pet name; and
- Anniversary date.
The best way to improve your password security is to use passwords that lack an obvious pattern and incorporate number substitutions for letters — for example, use “&” instead of an 8. The more variety in your password, the more difficult it will be to crack.
Companies should implement and enforce password policies that require a mix of letters, numbers, and symbols. Here’s a helpful tip: If your password can be found in the dictionary, don’t use it!
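One way to enforce the rules above in code, as an added example that is not from the original article: it flags passwords that lack a mix of letters, numbers, and symbols, that contain a dictionary word, or that contain a detail from the user's profile, and it undoes common character swaps before matching. The word list, profile, swap tables, and function names are constructed assumptions.

```python
import re

# Constructed stand-in word list; a real policy would load a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "account"}
# Assumed look-alike swaps (not from the article), undone before matching.
TO_LETTERS = str.maketrans("@4310$57", "aaeiosst")
TO_DIGITS = str.maketrans("&!", "81")

def personal_tokens(profile):
    """Lowercase words and numbers (3+ characters) found in profile values."""
    found = set()
    for value in profile.values():
        found.update(t for t in re.findall(r"[a-z]+|\d+", value.lower()) if len(t) >= 3)
    return found

def check_password(password, profile):
    """Return the sorted rules the password breaks: mix, dictionary, personal."""
    broken = set()
    # Rule 1: require letters, numbers, and symbols together.
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password)):
        broken.add("mix")
    # Compare the raw password and both "un-swapped" readings of it.
    lower = password.lower()
    forms = (lower, lower.translate(TO_LETTERS), lower.translate(TO_DIGITS))
    # Rule 2: no dictionary words, even with swapped characters.
    if any(word in form for word in DICTIONARY for form in forms):
        broken.add("dictionary")
    # Rule 3: no details that could be read off a social media profile.
    if any(tok in form for tok in personal_tokens(profile) for form in forms):
        broken.add("personal")
    return sorted(broken)

# Constructed profile holding the kinds of details listed above.
PROFILE = {"birth_date": "1984-06-12", "child": "Olivia",
           "pet": "Max", "anniversary": "2010-09-18"}

if __name__ == "__main__":
    for candidate in ("sunshine", "0l1via19&4", "P@ssw0rd!23", "vT9#qLr2&xWm"):
        print(candidate, check_password(candidate, PROFILE))
```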
2. Not Storing Data Securely
Unprotected data is a serious security risk to any business or organization. And, this risk comes in many forms — just thinking of them makes me cringe.
- People frequently store sensitive information on portable, unsecured flash drives and carry the devices around with them on their keyrings or in their pockets.
- Businesses back up their sensitive data on tapes and store the tapes offsite, which can lead to theft while the tapes are in transit to or from the storage facility.
- A lost or stolen laptop can potentially leave a financial services company in significant financial or legal trouble.
To avoid this unsecured data issue, encrypt all portable data storage devices. Backup software solutions can enable data stored on tape to be encrypted, and portable devices — smartphones, tablets, and laptops — can be protected with mobile security management software.
3. Using Limited Mobile Device Security
A common practice among CPAs is to walk around with mobile devices containing unencrypted personal and professional data. These devices can become lost, stolen, or hacked without much difficulty. In fact, 45% of executives surveyed by the Harvard Business Review regard mobile devices as “the weak spot in their company’s defenses.”
A basic fix for this issue is to have a password requirement for CPAs who access company data on their personal devices. This will deter thieves who may steal or find the phone or tablet. At a higher level, there are security software packages that can be installed that are designed to discourage cyber attacks.
By handling sensitive information about people, corporations, and other entities, Los Angeles CPAs have a direct impact on the lives of their clients. Protecting that information is a critical aspect of doing business, and plugging IT security holes will help them to achieve that goal.
If you’re interested in incorporating a Bring Your Own Device (BYOD) section into your firm’s computer use policy, FPA is here to help. We have more than 25 years of experience providing high-quality IT services in the greater Los Angeles area.
How does your firm protect company and client data from unauthorized access? Share your thoughts and recommended processes in the comments box below.