Data Breach Recovery Tips for Accounting Firms
Data breaches have unfortunately become commonplace in our modern business and personal lives, and if your firm is on the receiving end it’s all about access and recovery. As such, we bring you this blog from Entigrity’s Patrick Ross to help you with this eventuality.
More often than not, accountants keep coming under the scanners of hackers and eventually become a victim of cyber security attacks. Once ranked as the best cyber security consultant in the world, even Deloitte admitted in March 2017 to be one such victim, apparently indicating that you always have got to have a plan B in place if things go wrong.
If an organization like that can be attacked, anyone can. More importantly, each breach leaves a lingering, if not lasting, imprint on an enterprise’s brand.
However, the best thing to do in this situation is to recover as fast as it could be. With proper response planning and vigilant approach the recovery could be faster and a lot of damage can be saved.
1. Evaluate the Severity and Scope of the Incident
If a laptop computer or other portable device is lost or stolen, identify the data that may have been exposed, and determine whether these materials are protected by password or encryption. Consider engaging forensic information technology experts to determine the scope of the problem.
In addition, if the possibility of identity theft or other criminal activity is present, inform appropriate law enforcement agencies of the situation.
2. Having an Incident Response Plan
As soon as a data breach is discovered, the response plan must get in action. Generally the best approach is to take all the working devices offline and deploying the IT team (or consultant) in action.
The most important information to find out as quickly as possible is the exact nature of the breach, the extent of the damage, and who’s responsible for the breach. When creating your response plan, you may want to create responses for a few different levels of data breaches, with detailed response steps laid out for each type of breach.
This plan should outline what you need to do and whom you need to contact after a data breach. It should be a step-by-step guide to what you need to do to comply with state and federal laws and inform affected customers about the incident.
3. Inform the Potentially Affected Clients
This is a very important and critical decision to inform the client about such mishaps. Although it is understood that your firm’s credibility could be at risk but it has to be done anyways. That's because data breaches aren't just about lost data.
They're about lost trust and small accounting firms rely on that trust to maintain their client base. When you've built up a client base over years of hard work and have to inform them that their Social Security numbers and financial records are now in the hands of criminals looking to commit fraud
4. Deploy Software Defines Perimeter Services
Enterprises need to constantly assess the latest advancements in network security as well. Software-Defined Perimeter (SDP) services, for example, block communications between enterprise applications and end user devices from potential attacks through the Internet.
SDP reduces security risks over the Internet by making critical applications and resources invisible to everyone until the end users and devices are authenticated and authorized. Such advancements are designed to reduce potential data breach incidents as more companies adopt new technology.
Moreover, during the recovery process, one should learn from the past incidents and make sure to follow more stringent protocols to not let such havoc repeat itself again. Some of the steps that can be taken are:
- Require two-factor authentication for access to email from the Internet.
- Require Virtual Private Network (VPN) access for telecommuter and travelers accessing company networks. Encourage travelers to note travel device usage times, locations, and other details including connections and accounts used.
- Limit administrative access for employees to their devices; if admin access is required for job function, enact a policy restricting use or installation of non-approved third-party apps.
- If possible, provide employees with travel devices that can be rebuilt upon return; limit access from these devices and keep known baselines to expedite digital forensic review.
We also suggest having a few practices and policies in place to avoid such mishaps coming your way, such as keeping operating systems, antiviruses, firewalls updated; having strong password policy, usage of secure devices with tracking facility; backup data must also be encrypted, etc.
A lot of troubles can be escaped through if you have trained employees and limited admin rights. The more you are informed, the better you are secured.
The article originally appeared on the Entigrity blog site.
Patrick joined Entigrity, a remote staffing firm for CPAs, EAs, tax and accounting firms, in 2015. He has his core expertise in the field of technology but holds special place for accounting. He has been rigorously doing efforts to find out ways how accounting firms can make the most out of modern information technology.