The #1 vulnerability when it comes to cyber crime for accounting professionals and small businesses alike is human error.
“95% of cybersecurity breaches are due to human error” (cybintsolutions.com)
Those errors usually happen because of inappropriate disclosure or handling of passwords and login credentials. This happens in a variety of ways, which, sad to say, I see often among many bookkeepers and accountants.
- Sending and receiving login information (including passwords) via unsecured email
- Storing passwords on sticky notes, spreadsheets or Word documents with no protection
- Using only a few simple, easy-to-guess passwords on many different sites (to make it easier for us to remember)
- Routinely sharing login credentials with staff, without internal controls
- Keeping the same passwords for years
None of us is perfect (including me), but we need to be paying more attention to the growing risks and liability related to these practices. Cyber crime is on the rise, and we’re a prime target.
Why We Need to Be Concerned
Financially motivated cyber attacks are increasing, and the criminals are switching to easier targets, according to the Verizon 2019 Data Breach Investigations Report.
The easy targets for these cyber attacks are small businesses, since they are easier to trick into exposing passwords and login credentials.
According to the Hiscox 2018 Small Business Cyber Risk Report, “Small businesses are less likely to have strategies in place to ward off attacks, detect them early if they do occur, and reduce the damage. And, they are less likely to be able to withstand the financial impact of a hack or breach.”
We are prime targets because we are privy to, among other sensitive information, bank account logins and bill payment systems, often with permissions that allow transfer of funds. The criminals want to see us make mistakes they can exploit.
So, would you say it’s important for us to educate ourselves and our team on how to properly handle the sensitive information we work with on a daily basis, including passwords?
In a word: Yes. It's mission critical!
The good news is, with just some small changes in procedures, we can drastically reduce the risk of hackers getting access to or cracking vital passwords.
Simple Password Best Practices
Here are just a few important methods you and your team can use to tighten up password handling. These are simple and cost little to nothing to adopt into your regular daily practice.
- Use a unique password on each site you log into – Doing this helps to limit exposure and damage should a breach occur.
- Use long passwords that aren’t easy to guess – That’s a combination of letters, numbers and special characters. A sentence that only makes sense to you, with numbers and punctuation sprinkled throughout, is a good choice.
- Use a password manager – Using a program such as LastPass or RoboForm makes it far easier to use strong passwords and securely store them. They include a password generator function too, so you only need to memorize one master password. Best of all, you can have your passwords accessible across all your devices for added convenience.
- Turn on multi-factor authentication – Also known as 2-factor authentication. It’s when a code is sent to you via text or email to gain access to an account after login. Yes, it can slow you down a bit and be somewhat inconvenient. But this is a powerful layer of security few hackers will be able to break (at least for now). If it’s available, especially on financial accounts, turn it on.
- Get your own login – Most business bank accounts will allow a bookkeeper or accountant login with read-only access. Wherever possible, you want to have this set up for each of your clients' accounts. It protects both you and your clients, and avoids violating most banks’ terms of service for using their online banking website.
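To check a practice's own logins against the first two items above and the "same passwords for years" habit, here is an added example (not part of the original article) that audits a credential inventory for reuse, short passwords and stale passwords. The CSV columns, the sample rows and both thresholds are assumptions made for illustration, not any particular password manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict
from datetime import date

# Constructed sample inventory; sites, column names and passwords are made up.
SAMPLE_CSV = """site,username,password,last_changed
bank.example,pat,Summer2019!,2016-03-01
payroll.example,pat,Summer2019!,2019-06-15
billpay.example,pat,7 llamas knit; 3 owls read @ dusk,2019-07-01
ledger.example,pat,qb123,2019-05-20
"""

MIN_LENGTH = 14      # assumed cut-off for "long"; the article gives no number
MAX_AGE_DAYS = 365   # assumed cut-off for "the same passwords for years"


def audit(csv_text, today):
    """Return {site: [issues]} for reuse, short length and stale passwords."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_digest = defaultdict(list)
    for row in rows:
        # Group on a digest so the plaintext is never used as a key or printed.
        row["digest"] = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        sites_by_digest[row["digest"]].append(row["site"])

    findings = {}
    for row in rows:
        issues = []
        shared = sorted(s for s in sites_by_digest[row["digest"]] if s != row["site"])
        if shared:
            issues.append("reused on " + ", ".join(shared))
        if len(row["password"]) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            issues.append(f"unchanged for {age} days")
        if issues:
            findings[row["site"]] = issues
    return findings


if __name__ == "__main__":
    for site, issues in audit(SAMPLE_CSV, date(2019, 8, 1)).items():
        print(f"{site}: {'; '.join(issues)}")
```

An exported inventory file is itself the kind of unprotected spreadsheet listed at the top of this article, so run the check locally and delete the export as soon as it finishes.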
Learn & Share
It has been said of late, though the claim is disputed, that cyber crime is more profitable than the drug trade! Whether or not that is an exaggeration, the truth is cyber crime is significantly on the rise. It's a key threat to bookkeepers and accountants working with clients through the Internet.
As virtual professionals we must take the initiative to put protective practices in place to avert disastrous mistakes. Implementing good password handling habits is a good start in the right direction.
To make it easier to raise awareness and share this information with your team and clients, you can download this handy PDF one-page list of key Password Dos & Don’ts.
If you've got password security under control, or you'd like to dig deeper into many more simple and inexpensive ways you can significantly reduce your risk of being a victim of cyber crime, consider joining us this month for the August TFB Premium monthly training session. The class is called “Cybersecurity for Bookkeepers – 2019 Update.”
Have you developed best practices of your own when it comes to managing passwords? Please let us know in the comments below.
Also, this topic is so important for us as virtual bookkeeping professionals. Please share it with others. It's one of those “little things” that can make a big difference!