الامن السيبراني - شبكة المحاسبين العرب

الإثنين, 03 أكتوبر 2022 12:58

كيف يمكن لشركات المحاسبة الحماية من تهديدات أمان العمل عن بُعد؟

غيّرت جائحة COVID-19 طريقة عمل الناس بشكل جذري.

معلومات إضافية

المحتوى بالإنجليزية How accounting firms can protect against remote work security threats
By Sarah A. Lynn, Douglas G. Schultz
July 14, 2021, 11:45 a.m. EDT
5 Min Read
Facebook
Twitter
LinkedIn
Email
Show more sharing options
The COVID-19 pandemic has fundamentally changed the way people work. Millions of employees have been able to stay productive while working from home during the lockdowns thanks to remote collaboration technologies like Zoom, WebEx and Teams. Very quickly, virtual meetings became ever-present, and people could connect with their managers and clients or give presentations from any location with internet access, including other countries. Even as much of the country returns to business (mostly) as usual, firms instituting flexible or work-from-home policies may need to review their telecommuting policies and practices to help keep data safe.

While working from home has been key to business continuity over the last 15 months, it has also opened up some potentially major security issues for firms. In an office setting, there are multiple ways to secure data, including firewalls and physical security measures such as badges, doors, locks and keys. However, remote employees could be working from their homes, their cars, or at a local coffee shop. They have laptops, mobile phones, tablets and smartwatches — all of which communicate with each other and could use several different services (Wi-Fi, Bluetooth, cellular data, RFID).

Being outside a secure office makes these employees, and their data — that is, your data and your client’s data — vulnerable to data leaks and hacks. Even something like a chat or text message could contain confidential information, such as a Social Security number, birth date, tax information, or even medical information.
This is why robust data security is vital for any company. Data breaches that compromise client or employee data are notoriously costly, averaging over $3.9 million in 2020. They not only hurt a firm's reputation and bottom line but can also result in the theft of client information, proprietary information or intellectual property. Think of all the due diligence-related information your firm has on clients who might be preparing for an IPO or merging with another company.

It's these risks, by the way, that drove the American Institute of CPAs to add to its Code of Professional Conduct Confidential Client Information Rule 1.700.001, which deals with disclosure of confidential client information without the specific consent of the client. This rule goes hand in hand with Internal Revenue Code Sec. 7216, where failure to comply can lead to fines and other consequences.

It is against that background that all firms must make a concerted effort to be vigilant about protecting their data and their client’s data. Accounting firm leaders must recognize the issues affecting their firms and take measures to educate their professionals. With that in mind, here are a few practical ways to help secure access to data, stay compliant, and mitigate the damage in the event of a breach.

Encryption is your friend

You may have outfitted all of your employees with laptops and a secure virtual private network. While a VPN might be enough protection when employees use their devices on a secure home network, what if they’re traveling or decide to work in a cafe? Many hotels, airports and cafes offer free Wi-Fi, but these unsecured networks can allow hackers to gain access to data that is supposed to be secure. A VPN may protect outbound data, but it still leaves the laptop or tablet itself vulnerable via other potentially active services such as Bluetooth, hotspots or RFID. Encrypting the device itself will make it much harder for criminals to access the data.

Encryption can also help protect a device if it is physically stolen. Unattended computers, tablets or mobile phones are tempting targets for thieves. With the device in their possession, the thief could have a treasure trove of confidential information they can sell or use to scam your clients. If a device is encrypted, the data is safe, and you only lose the device. It could mean the difference between $1,000 or $1,000,000.

Turn off services

Mobile devices are designed to make communication easy. This is a double-edged sword, however, unless there are security protections in place. For example, virtually all mobile devices have Bluetooth, and a growing number can be used as internet hotspots or have radio frequency identification (RFID) technology built right in. If these services are turned on, a hacker could potentially compromise the device. While these services can be beneficial, they do not need to be active 24/7. All employees should be instructed to turn them off until they are needed, especially while traveling.

Make sure to back up your data

With millions of Americans telecommuting, tens of millions of laptops and other devices are floating around filled with potentially sensitive data. This creates a greater chance that data could be lost if a device is lost, stolen or damaged. Employees should back up their devices daily, or at the very minimum, weekly, so the information will remain accessible if there is a catastrophic failure. Moreover, it is vital that employees restrict backups solely to company-approved destinations (e.g., cloud storage, on-premises servers, encrypted hard drives). If they make a backup to another location, it exposes their organizations to a potential data breach they have no control over.

As a firm leader, you should work with your IT team to ensure the mobile devices with access to firm information use properly “containerized” apps such that your firm’s data is automatically backed up, even if the rest of the device’s data is not. Note that even email and everyday collaboration tools are loaded with documents and sensitive data that could be easily leaked. To reiterate, always (1) encrypt the devices and (2) back up important information.

A few decades ago, it was practically unthinkable that employees would have access to a secure server from their home, or for them to be a potential target for hackers. Accounting firm leaders must adapt their security practices to the time and, perhaps most importantly, educate employees about cybersecurity. Even with just these three relatively simple steps, firms can significantly reduce the chances of being subject to a costly data breach or cybercrime incident.

نشر في تكنولوجيا المعلومات

موسومة تحت

الخميس, 08 يوليو 2021 13:14

دعوة للمتحدثين لمؤتمر IIA الدولي لعام 2022

دعوة مقدمي العروض الديناميكيين لمشاركة أفكارهم وأدواتهم ومواردهم مع المدققين الداخليين من جميع أنحاء العالم في مؤتمر IIA الدولي لعام 2022، الذي سيعقد في 17-20 يوليو في شيكاغو. أرسل قبل 22 أغسطس 2021.

معلومات إضافية

المحتوى بالإنجليزية Call for Speakers
2022 International Conference
July 17–20
McCormick Place Convention Center, Chicago
Submission Deadline: August 22, 2021, 11:59 p.m. ET

Overview
This document has been developed as a guide for proposal submissions for the 2022 International Conference. We encourage all potential speakers to review this document prior to submitting a proposal for consideration.

The theme for The IIA’s 2022 International Conference sets the stage to share new and forward-looking information and leading practices in the pursuit of excellence in internal audit. As internal auditors are increasingly becoming trusted advisors and an integral part of their organizations, they are compelled to broaden their arsenal of skills. This conference will prepare industry professionals to embrace and learn new technologies, and implement new tools and techniques to effectively respond to shifting business and risk landscapes. The goal is to equip the profession with the resources it needs to stay current with the latest developments and advancements to bring significant value to businesses around the world.

We seek dynamic presenters who can engage their audience and conduct thought-provoking discussions. You are encouraged to participate by submitting a proposal to speak, noting the topic on which you would like to present within the education formats noted below.

Topics of interest for the conference include:

نشر في موضوعات متنوعة

موسومة تحت

الأحد, 04 يوليو 2021 13:34

ندوة ال IFAC عبر الإنترنت: الاستجابة لتهديدات الأمن السيبراني

معلومات إضافية

البلد عالمي
نوع الفعالية مجانا
بداية الفعالية الأربعاء, 14 يوليو 2021
نهاية الفعالية الأربعاء, 14 يوليو 2021
التخصص تكنولوجيا
مكان الفعالية أونلاين

نشر في فعاليات مهنية

موسومة تحت

الأحد, 03 يناير 2021 13:38

خمسة أشياء يجب التفكير فيها في عام 2021

أظهر لنا العام الماضي أن الاضطراب يمكن أن يحدث في أي وقت

معلومات إضافية

المحتوى بالإنجليزية 5 things to think about in 2021
By Susan S. Coffey
December 31, 2020, 9:25 a.m. EST

This year showed us that disruption could happen at any time, but as a forward-thinking and innovative profession, it also showed us that we were prepared to handle it. While it’s true that 2020 disrupted how accountants worked, it didn’t change the importance of what we do — in fact, it showed us that we are more valuable than ever to our clients and employers because of our agility, adaptability and ability to problem-solve during times of extreme challenge.

We can be almost certain that the next few years will continue to bring the unexpected. We’ll need to keep a sharp eye out for emerging trends and changes impacting the business environment, and therefore our profession, and evolve to continue meeting the demands of a constantly changing, disruptive world.

Here are some of the things I’m thinking about as we go into 2021 that I think are poised to elicit change in our profession and how you can act to make the most of them.

1. Technology is impacting what we do at an exponential rate, and we need to embrace it. 2020 showed us that one event could accelerate what we thought would take years to change. While the pandemic upended our lives, it also fast-tracked our adoption of technologies like cloud-based solutions and digital communications tools, and hastened our need to address technology-related challenges like cybersecurity. The most prepared practitioners had already leveraged advanced technologies. Those who hadn’t quickly realized the value and pivoted.

Now is the time to reflect on the ways your firm has used technology this year and strategize how you can adopt emerging technological solutions for your firm’s management and client services.

2. Trust in the disclosure of nonfinancial information is increasingly important. The pandemic increased attention on how businesses interact with the world around them. A focus on a diverse and inclusive workforce — and the impact of natural disasters— are resulting in more and more companies thinking about the ways social and environmental issues affect how they operate and communicate the value of their businesses. This shift in business reporting provides opportunities for us to help our clients and employers make sense of how their business practices impact people, communities and the planet.

I’ve been an advocate of environmental, social, and governance reporting and related assurance for many years through the Association of International Certified Professional Accountants’ sustainability and integrated reporting initiatives, and I’m excited to see business and regulatory communities evolve around these topics. I believe there is a huge role for the profession in facilitating meaningful reporting and providing much-needed trust that builds stronger businesses. Accountants are uniquely qualified to measure, report and provide assurance on consistent, comparable and meaningful sustainability-related information. Here are some resources and learning to help you take advantage of this opportunity.

3. Committing to lifelong learning is mandatory. According to the newly released World Economic Forum Future of Jobs report, in-demand skills will change considerably over the next five years. Surveyed employers said the top skills needed by 2025 include critical thinking and analysis, problem-solving, active learning, resilience, stress tolerance and flexibility.

Clients, businesses and organizations will continue to need new and different things from us, and we must commit to constant reinvention. This requires new skills. I include myself in this category and have been advancing my own technological and people skills. I encourage others in the profession to do the same, and a good place to start is the Go beyond+ disruption podcast.

4. Successful firms and businesses are putting diversity and inclusion at the forefront.Companies that are more diverse and inclusive are more attractive to job seekers. They also have better outputs and productivity. However, that doesn’t mean every company is making diversity, equity and inclusion a priority. According to one Accenture report from earlier this year, only 34 percent of leaders identified diversity efforts as a priority at their organization.

Our profession is embracing the diversity of those we serve, but to maximize the benefit, we must create opportunity in leadership positions within our organizations so those we recruit can see themselves thriving and advancing. We support professionals and firms with resources and training to help with your diversity, equity and inclusion efforts.

5. Young people will want to join our profession because of the value we create and the good we do.For many young people, the pandemic has intensified a desire to do good in the world via meaningful employment. They had already considered themselves purpose-driven but are now even more motivated to make a positive impact on the world around them.

Accounting is already an attractive career choice, and as we evolve and add additional services to our client service portfolios, it will become ever more attractive. We're demonstrating our profession is purpose-driven, serves the public good and drives sustainable business. Accountants’ role in the pandemic — particularly supporting small businesses’ access to the Paycheck Protection Program — reinforces our role as a purpose-led profession. The work we are doing around ESG reporting and assurance is similarly appealing. And the association is recognizing the profession’s purpose through our efforts to evolve the CPA. Through education and the CPA Examination, we are positioning the profession to continue protecting the public interest and driving resiliency in business.

I encourage you to reach out to young professionals and students in your area and talk to them about the ways our profession engages in these issues and how they can contribute through a career in accounting.

Get ready for more

In this year of tremendous disruption, it feels like the future has arrived faster than we anticipated.

It’s likely 2021 will also be a disruptive and transformative year, but it’s in times like these that we can truly find the extraordinary. By embracing disruption and leaning into a new, digital, dynamic era, we can reimagine our roles and set the pace of change for the profession, businesses, economies — and ourselves.