13 Jan 2020
Healthy skepticism can help you avoid falling for phishing schemes and way-out-there data equipment/systems scams; testing can help ensure that the data system actually works and supports your company’s stated policies and procedures; and knowledge allows for expanding data enhancements and securing the necessary and appropriate hardware, software and data. It is hoped that incidents reported in Cyber Roundup provide you with helpful material so you can avoid similar events, and that our “takeaways” give you actionable information.
The following is a rundown of what happened during the month of January 2020. We welcome your comments, insights and questions.
Tom’s Takeaway: It is important that every person have a degree of skepticism when it relates to any electronic communications or circumstances that require the collection of sensitive personal information. Before you enter the information onto a form ‒ whether paper or electronic ‒ make sure the collector of that information is legitimate and has the proper controls to protect that information.
Tom’s Takeaway: As the world becomes more connected, it is imperative that you step back as a consumer and make informed decisions regarding the technology you utilize and your expectations of privacy. While technology has its advantages, at times the security and privacy implications will often exceed the benefits. As a consumer, you need to be aware and prepared to make that determination. One of our hopes with our monthly Cyber Roundup is that we continue to increase your awareness and empower you to make informed and balanced decisions.
Tom’s Takeaway: With all the fancy security solutions that companies persistently market, it is often easy to forget that while technology does have a role, a large part of solving the cyber challenge is the education and awareness of the users. For cybersecurity to be effective, it needs to account for People, Process and Technology, in that order. In this circumstance, if the School District had implemented the correct controls around the awareness of the people and the process of wire transfer, I am very confident in saying this could have been prevented. If you need assistance in developing and ensuring a security posture across your people, process, and technology, please feel free to contact me.
Tom’s Takeaway: This breach at the Michigan school district is all too reminiscent of the Target breach back in 2013 that was also the result of the connected HVAC vendor. It is very common when we perform our assessments that we find client networks unknowingly over-exposed to third parties. Understanding and managing your third-party risk is key. If you need assistance, please contact us.
Source: PKF O'Connor Davies