October is National Cybersecurity Awareness Month, an opportunity to educate and inform individuals and business about the importance of making sure their online lives are kept safe and secure. At work, this means all employees share responsibility for protecting their company’s data and infrastructure, including using secure passwords.
Financial services organizations and other firms that are responsible for the security of consumer financial data must remain vigilant in their cybersecurity efforts. The warning comes from Security Magazine due to the high value of financial data, Including Social Security numbers, banking details, and more, makes it a lucrative target for cybercriminals.
In addition, the expanding adoption of cloud-based services and data storage, more companies implementing remote and hybrid work options, and the growing use of mobile devices for work are together giving cybercriminals and ever-expanding range of opportunities to exploit, explained Jonah Force Hill, executive director of the FBI’s Cyber Investigations Advisory Board created in September 2021 to fight cyber-enabled fraud. “Every organization – providers of financial services, in particular – must remain vigilant in the face of these evolving threats.”
Managing privacy and security risks is a top concern for CPA firms of all sizes, according to the AICPA’s 2019 PCPS CPA Firm Top Issues survey. One good precaution is to ensure your mobile devices are secure.
The “bring your own device” (BYOD) phenomenon continues to rise in the workplace, according to TechAdvisory.org, a blog that provides tech advice for small businesses. Whether employees are utilizing smartphones, tablets or laptops, there are data security risks companies need to consider.
A personal device that has been infected with malware can spread the malicious software to other devices that connected to the company network. Public Wi-Fi spots provide easy opportunities for cybercriminals to intercept data being transmitted over public networks. Finally, employees often bring their own devices wherever they go. This creates greater risk of them being lost or stolen, and the company data stored or accessed on the devices being compromised.
Among the top threats from mobile devices are:
- Free mobile apps that perform as advertised, but also send personal – and potentially corporate – data to a remote server, where it is mined by advertisers, or worse, by cybercriminals.
- Unsecured Wi-Fi and network spoofing, which is when hackers set up fake Wi-Fi networks in high-traffic public locations such as coffee shops, hotels, and airports.
Here are six tips to help ensure your mobile devices are secure:
1. Use long, complex passwords, instead of the standard four-digit code. A strong password is at least eight characters long and includes a combination of letters, numbers, and special characters. For added security, set-up thumbprint or face recognition. Additionally, make sure your device auto-locks when not in use.
2. Turn off Wi-Fi and Bluetooth when not in use. These platforms are essentially open connections to your phone. Only turn them on when you need to use them.
3. Only download apps from trusted sources such as the Apple App and Google Play stores. Malicious apps infected with malware are generally found in third-party app stores and often resemble legitimate apps such as games, instant messaging and even antivirus software. Look at the app’s reviews and star rating. Notice when the app was published and be wary of new apps or ones used by few people. Also, be cautious about using free apps. While it doesn’t cost money to use them, the app does want something in return – access to your personal information. Finally, set-up two-factor authentication, especially for apps that store your bank account or credit card information.
4. Don’t click on links in SMS messages from unknown senders. Much like email phishing, “smishing” uses fraudulent text messages to convince people to reveal personal information, such as passwords and credit card numbers. Mobile device users are especially vulnerable to these attacks because the smaller screen makes it harder to spot fake content. “Smishing” scams are on the rise, in part, because they appeal to cyber criminals who can enable geographic targeting; for instance, posing as a local bank or credit union to send messages to nearby mobile phone users. “Smishing” also poses risks to companies because it can trick users into downloading infected files, potentially exposing sensitive data.
5. Perform regular software updates on your device’s operating system (OS) and all of your apps to patch possible security vulnerabilities that can give malware access to your phone or tablet.
6. Make sure you have software installed on your mobile device that lets you remotely lock, and if necessary, wipe the data if it’s lost or stolen.
It is important for financial services organizations and other firms that are responsible for the security of consumer financial data to understand their cybersecurity risks. With nearly all firms relying on information technology to store, process, and transmit information, it is essential to protect these infrastructures from unauthorized access. And yet, firms often fail to understand their vulnerability to attack. Security risks are not always obvious and constant cybersecurity education is paramount.
Christophe Réglat is president and CEO of Coaxis, an endorsed program for the FICPA. Coaxis provides CPA firms with a fully-hosted and managed network solution designed to remove the complexities of federal and industry compliances, curb the demands of maintaining an IT infrastructure, and greatly minimize the threat of cybercrime. For more information, call (850) 391-1022 or email email@example.com.