2020 Cyber Crime, Cyber Security Awareness Month
In recognition of National Cyber Security Awareness Month and to foster client awareness of cyber hazards, AAFCPAs’ IT Security professionals have outlined cybersecurity risks and mitigation strategies applicable to 2020 current events.
COVID-19 has changed business operations, resulting in increased IT security risks, especially risks from the abrupt shift to support remote work. Even when we are able to freely go back to the office, there will be many employees who continue to realize the benefits of remote work and will choose to remain remote. While remote working has been going on for months, AAFCPAs still advises clients to assess cybersecurity risks related to their remote workforce and determine a strategy and timeline to mitigate these risks. These risks include the usage of an employee’s computer for both work and home use, visiting non-work-related websites, connecting to an employee’s home network, and physical security.
November 3rd is the US presidential election. Events like elections provide a unique opportunity for bad actors such as opposing political parties, adversarial countries, and others to use social media profiling and social engineering attacks to affect the integrity of the election process or attempt to collect personal information. It is difficult for people to distinguish which information should be trusted, because the messages play on emotions. AAFCPAs advises clients to be wary of information received or served, avoid clicking links in suspicious messages, and check the facts with at least one other trusted source before forwarding or sharing confidential information. IT departments should continue to make employees aware of the evolving risks associated with social engineering and use phishing and vishing tools to identify and train those employees.
Your vendors may also pose a weakness to your security posture. Back in May, Blackbaud, an enterprise resource planning cloud software company focused on not-for-profits, disclosed that they had been the victim of an attempted ransomware attack. AAFCPAs reminds clients that outsourcing may expose your organization to risk and underscores the need for effective vendor due diligence, including requesting Systems and Organization (SOC) reports, ISO 27000 certification, or other compliance attestation reports.
As the Coronavirus pandemic forced millions of people to stay home over the past few months, and Zoom became the video meeting service of choice, Zoom’s security issues quickly became front-page news. It may come as no real surprise that Zoom and its users were targeted based on the spiking demand for their solution. AAFCPAs encourages clients to configure collaboration and web conferencing tools with security in mind and to fortify their web applications, which includes conducting Web Application Vulnerability Assessments, evaluating processes related to change management and the software development life cycle, and consulting the Open Web Application Security Project (OWASP) for the most prominent vulnerabilities in web-based applications.
Your best line of defense in protecting your organization against cyberattacks is employee awareness. October is National Cyber Security Awareness Month, but AAFCPAs advises clients to remain vigilant year-round, assess your cyber security risks regularly, and maintain a cyber-aware community by educating users throughout the year on the risks and consequences of the constantly evolving IT security landscape.
AAFCPAs’ Cyber Security & Technology Assessments help identify risks that could potentially cause information loss and/or financial and reputational harm to your organization. Our assessments also determine if planned technology acquisitions comply with federal and state laws and company policies for protecting critical data before they are implemented. If you have questions, please contact Vassilis Kontoglis at 774.512.4069, vkontoglis@aafcpa.com; James Jumes at 774.512.4062, jjumes@aafcpa.com; or your AAFCPAs Partner.