NEW

5 Critical Tax Tips For Nonprofits in 2019

No one enjoys filing taxes, but it can be especially problematic for nonprofits. Many nonprofits focus on their cause so much that they neglect proper organization. As a result, they deal with disorganized records and systems, and a lack of clarity around tax issues....

THE SMART BUSINESS OWNER’S LIST OF TAX DEDUCTIONS

For a business owner, taxes can be overwhelming and cumbersome. Tax deductions allow you to save thousands of dollars each year on your taxes and make tax filing a much more bearable experience. In this post, we'll list some of the tax deductions you can use to...

The Smart Business Owner’s List Of Tax Credits

One of the best ways to cut costs as a business owner is to take advantage of all the tax deductions and tax credits for which you're eligible. As a business owner, you're concerned with the bottom line--increasing your net profits. That probably means you spend most...

PRESS RELEASE: Cassidy Jakovickas, CPA of Fresno, CA Appointed to Intuit’s Accountant Council

Select Panel Advises on Products and Services that Accountants and Their Clients Want Most             FRESNO, CALIFORNIA – June 4, 2019 –Today, Intuit, Inc (Nasdaq: INTU) announced that Cassidy...

Beyond The Numbers: What We’ve Been Reading

Although our team loves using numbers and spreadsheets to help our clients make the best financial decisions, we also enjoy reading great books. Staying well read on both fiction and non-fiction books helps us hone our imagination and introduces us to new, sometimes...

Looking Back At April

It’s hard to believe that we’re at the end of April, but it’s true! This month, we helped our clients wrap up another great (and busy) tax season. There was, as always, a lot of paperwork, emails, and nail-biting involved in the days preceding April 15, but that’s all...

5 Last-Minute Tips For Filing Taxes in 2019

Well, April 15 is almost here, and the tax-related panic is thick. If you haven’t filed your 2018 tax paperwork and are rushing to get your taxes in by the deadline, we’ve decided to give you some last-minute tax advice that will hopefully help ease your stress....

An Introduction To Cybersecurity for Business Owners

Keeping your sensitive business and customer data secure has never been more critical. Whether you are a small business or a national corporation, you can't relax your defenses against those criminals seeking to take advantage of lazy cybersecurity policies. Virtually...

March News Roundup

Wow! It seems like we just started March and we’re already moving into April! As we move into the final stretch of tax season, we’re recapping this month’s news for you, just in case you missed it amid the tax-related hubbub. MBS Accountancy: November Review This...

4 Key Changes To Depreciation Under The TCJA

As the Tax Cuts and Job Act (TCJA) continues to be unraveled by tax professionals, it’s important to review the changes and their implications on business operations and tax strategies. In this article, we’ll highlight TCJA’s changes to first-year bonus depreciation,...

An Introduction To Cybersecurity for Business Owners

Reading Time: 4 minutes

Keeping your sensitive business and customer data secure has never been more critical. Whether you are a small business or a national corporation, you can’t relax your defenses against those criminals seeking to take advantage of lazy cybersecurity policies. Virtually all business owners consider information security to be one of the most pressing issues they face today and nearly two-thirds of all small business owners are incredibly concerned about cybersecurity.

Small and mid-sized businesses are right to be concerned since these businesses are especially vulnerable to information theft. Nearly half of all cyber attacks target small companies, and a full 60 percent of these businesses go out of business within six months of the attack.

What can your business do to combat information theft? Good cybersecurity is a continuing process, one that involves battling cybercriminals on a variety of fronts.

How to put good information security systems in place

Data Storage

One of the most critical parts of any business information security plan is to put systems in place to protect the sensitive information of your company and customers. Whether you are a retailer dealing with customer credit card numbers or a non-profit handling birth dates and Social Security numbers, letting this information fall into the wrong hands can be disastrous, both for you and for your customer/patient.

To best protect this information, you need to have systems in place that securely store the data to which you need regular access and destroys one-time use data.

If your company uses any cloud-based storage solution, research your current vendor and understand their data policies – their laziness is your liability. Implement end-to-end encryption for all digital storage solutions. In general, there are two states for your data: at-rest and in-transit. At rest, your data is not being accessed but merely is “resting” in a database. Data-at-rest should be encrypted using either the AES or RSA encryption methods. Data that is in-transit should be encrypted with HTTPS, SSL, TLS, or FTPS.

Physical security measures are also necessary. If you keep physical copies of sensitive data, such as patient records, you need to make sure that these records are kept securely locked away when not in use. These measures include things like instructing employees to lock the screen to their PC or mobile devices when they walk away from their work, even if only for a few minutes. For businesses that still have physical data records, this means locking the cabinet where files are stored or placing the data in a locked desk drawer when away from the work area.

Access Control

Another aspect of good information security is limiting the number of people who have access to sensitive information. Ideally, you want to limit the number of people who “touch” the data as much as possible. Unfortunately, not all cybercriminals live outside your building, and internal crime can be as much a threat as external attackers.

The entrance and exit times for staff should be regulated and monitored to prevent unauthorized access and mitigate opportunities for collusion. Cybercriminals can potentially gain later access to the building by learning the keypad code to the doors. The employee might not even see the person across the street using binoculars or suspect the person who enters the door with them, saying they have business in another department. It’s important to instruct employees never to share their entrance code and to keep the keypad shielded when entering their code.

Proper access control needs to include teaching your employees good password habits. It best to require your workers to use unique logins for each device and each software application. Good passwords need to be at least eight characters in length and include small and capital letters, as well as numbers and special characters. These types of logins are much more difficult to hack than the name of an employee’s pet or child. According to a recent Verizon investigative report, 91 percent of data breaches are the result of weak passwords. Implementing good password “hygiene” is a significant step toward good cybersecurity.

Another aspect of controlling access is to develop an exit strategy for when employees leave the company. Revoking their access to email and social media accounts is vital and helps you avoid an embarrassing headline. It’s also a good idea to have all of their company emails forwarded to a department supervisor and change all of their passwords in their work accounts.

Another way to control access to company accounts is two-factor authentication. Also known as 2FA, this process requires two independent pieces of information for a successful login. This is usually a security question, access code, or physical card. 2FA makes it difficult for criminals to hack company accounts without the required information or device(s).

Creating a culture that promotes good cybersecurity

Good cybersecurity requires a continual effort from all of your employees. They need to be aware of what phishing schemes look like and how to avoid placing the business at risk by opening a suspicious link. They also need to be mindful of unauthorized people wandering around where they shouldn’t be, how to enter/exit the building and log into programs and devices without exposing sensitive information to unauthorized persons. All of these issues should be addressed in your employee handbook.

Keeping sensitive information protected from cybercriminals doesn’t have to be an impossible task. It merely requires an ongoing, concentrated effort that puts systems in place that address data control and access to information, as well as creating a culture that emphasizes and rewards attention to security.

Previous

Next

Submit a Comment

Your email address will not be published. Required fields are marked *