Tag Archives: security

The Equifax Breach and You

Be Proactive!

Earlier this year, hackers were able to breach the security of Equifax, one of the three national credit reporting agencies. More than 143 million Americans — nearly half the country — were exposed to the attack, and may have had their personal information stolen, including names, birthdates, and Social Security and driver’s license numbers.

Equifax is still determining exactly whose data has been exposed. While you wait to find out, it’s worth taking a few proactive steps to make sure your info isn’t misused by hackers.

Start checking. Visit Equifax’s website at www.equifaxsecurity2017.com and enter your last name and last six digits of your Social Security number. The site will tell you whether it’s likely or not your data has been exposed, and put you on a list to get more information. You can also sign up for a year’s worth of free credit monitoring.

Watch your statements. Start checking your credit card statements, and pay special attention to cards you don’t use often. The initial reports from the breach were that hackers may have been making charges on underused cards.

Check your credit reports. You can look for suspicious items on your reports, such as new accounts being opened in your name, at all three credit report agencies: Equifax, Experian and TransUnion. Free annual reports are available at www.annualcreditreport.com.

Freeze your credit. If you suspect you may become a victim of identity theft, you can place a credit freeze on your profile at each of the three credit reporting agencies. This stops new accounts from being opened in your name. Note that you’ll have to unfreeze your accounts if you want to apply for new loans or make your credit accessible for things such as job applications.

File your taxes early. One of the most common ways identity thieves use your information is to try to claim a tax refund with your data. This was the most common scam in 2016, according to the Better Business Bureau. If you file your tax return as early as possible, you shut down this opportunity for any would-be thieves.

Most Passwords Are Easy to Guess. Do This Instead.

You’re doing your passwords all wrong.

So says the developer of the guidelines most internet users have been following for 15 years, anyway. Passwords that L00K l!ke tHi$ are actually much more susceptible to hacking than most people realize, says Bill Burr, former manager of the National Institute of Standards and Technology (NIST) and author of the NIST’s 2003 recommendations for password management.

In an interview with The Wall Street Journal, Burr said that his previous advice to use numbers, symbols and randomized capitalization resulted in people creating passwords that are easy for computers to predict.

A more secure option is to use four random words, such as “that purple monkey dishwasher.” Such a phrase is actually much more complicated for computers to guess, The Wall Street Journal reports. (Cartoonist Randall Munroe explained the math in a comic six years ago.)

Some password advice remains relevant, however: avoid using birthdays or anniversaries, your kids’ names or your address, as all of this information is easy for hackers to locate. Additionally, use different passwords for each of your accounts and avoid storing them where they can be easily seen or stolen.

With cybersecurity threats on the rise, CPAs are paying attention to such advice. (An article about Burr’s interview that appeared in last Thursday’s CPA Letter Daily was one of the week’s most clicked stories, natch.) Strong passwords are just the tip of the iceberg, though. CPA firms and their clients are looking at ways not only to protect sensitive information, but also to report on those efforts.

In response to this need, the AICPA has updated its Cybersecurity Resource Center to provide information on protecting firms, advising clients and reporting on an organization’s cybersecurity efforts – all using the recently released AICPA cybersecurity risk management reporting framework.

Lindsay N. Patterson, CAE, Senior Manager – Communications and Public Relations, Association of International Certified Professional Accountants

http://blog.aicpa.org/2017/08/most-passwords-are-easy-to-guess-do-this-instead.html#sthash.Pv0nJVjc.dpbs

Hotel Safety Travel Tips

As summer vacation season begins, please take a moment to review Traveler Safety Tips provided for those who stay in hotels and public lodging. These tips are provided courtesy of the American Hotel and Lodging Association. Be safe out there!

  • Don’t answer the door in a hotel or motel room without verifying who it is. If a person claims to be an employee, call the front desk and ask if someone from their staff is supposed to have access to your room and for what purpose.
  • Keep your room key with you at all times and don’t needlessly display it in public. Should you misplace it, please notify the front desk immediately.
  • Close the door securely whenever you are in your room and use all of the locking devices provided.
  • Check to see that any sliding glass doors or windows and any connecting room doors are locked.
  • Don’t invite strangers to your room.
  • Be aware of potential phone scams and prank calls to your guestroom. Hotel employees will never request credit card or personal information over the phone, nor will they advise a guest to damage hotel property.
  • Place all valuables in the hotel or motel’s safe deposit box.
  • When returning to your hotel or motel late in the evenings, be aware of your surroundings, stay in well-lighted areas, and use the main entrance.
  • Take a few moments and locate the nearest exit that may be used in the event of an emergency.
  • If you see any suspicious activity, notify the hotel operator or a staff member.

Source: American Hotel & Lodging Association

Cyber-Security – Simple Suggestions to Protect Your Business

Is your company vulnerable to cyber-crime? Most computer and/or network security breaches are the result of a lack of understanding of the importance of security processes within a company.  It’s important to recognize how implementing effective security procedures can protect your clients’ privacy, guard against misuse of confidential information and benefit your business.  Here are some suggestions:

  • Establish and maintain best practices for computer security.
  • Make sure that each system user has a unique login.
  • Grant system permissions to users as needed.
  • Protect all networks and hardware against viruses.
  • Monitor system activity.
  • Run regular backups.
  • Educate employees on passwords – creating strong passwords and not sharing their passwords.
  • Prohibit employees from opening email attachments (particularly ZIP files) from unknown or suspicious sources.
  • Disable access to the network and all cloud solutions for former employees.

Setting up and following these simple suggestions can help keep your company and its reputation safe and secure!

3 Steps Businesses Can Take to Avoid Cyber Crime

All companies today need to be on the alert for being hacked. Most people log onto the internet every day without much thought about how susceptible they are to being hacked.  Here are three steps to protect your company against cyber criminals who are working hard to figure their way around your security measures:

Employers need to train their employees – Those employees sitting at their computers each day are a company’s first line of defense. An errant click on the wrong email is like unlocking the front door, so employees should be made aware of the dangers and told what do about suspicious email.

Companies should routinely update their defenses – Outdated technology and outdated security software make a company’s computers vulnerable to attack. It’s important that businesses periodically review their IT operations to make sure what worked last year still provides the needed security.

Consumers must take their own safety measures – It would be nice to expect banks and retailers to protect consumer information, but the average person can’t count on that. Security experts suggest consumers take personal security measures such as frequently changing passwords and deleting any phone apps they don’t use. Many apps contain malware that can spy on you.