August 21, 2018

Cyber Espionage Is a Thing You Should Start Worrying About


I’ve waited with bated breath for the 2017 Verizon Data Breach Investigations Report and it’s finally out. It’s full of juicy, nightmare-inducing cybercrime data again this year. The most recent report analyzes 1,935 breaches and 42,068 incidents across 84 countries, and, according to the experts, the data set confirmed that this was the “year of cyber espionage.”

According to John Loveland, a bigwig cyber security guy at Verizon:

We [Verizon] found that 21% of the breaches in this year’s data set were related to espionage. And cyber espionage was particularly a threat in manufacturing, where it accounted for 86% of the breaches, and the public sector — at 41%.

Beyond cyber espionage, there’s more bad news for us in-house accountants and auditors: The financial services industry experienced about a quarter of the confirmed breaches. ATM skimming, Denial of Service (DoS) attacks, and botnets are the three big, overbearing issues in the industry. After that, privilege misuse is the next big contender. Did we never learn that power corrupts? Geez. Lock it down! Stop giving people too much power and spread it around a little.

In sum, here are the recommendations for financial services firms:

Taunt them a second time—Use two-factor or multi-factor authentication to help secure all web applications.

Make a new plan, Stan—In this industry you are likely to be the target of a DoS attack. Have a DoS protection and mitigation service in place and make it your job to know the details of the agreement with the provider.

It’s not that I don’t trust you, but…—Keep an eye on employees and periodically monitor their activities. Do not give them permissions they do not need to do their job, and make sure you disable accounts immediately upon termination or voluntary departure.

Solid advice. Those of us CPAs who preach general IT controls all day can appreciate the experts at Verizon vindicating our efforts. (By the way, I do love their flair for spicing up the information. After my own heart. If you’re bored, the whole report is a fun read.)

Other advice provided in the report is to retire your old, worn out password — yes, the password you use for everything under the sun — and start fresh. There’s a big market for breached data including passwords, and cyber criminals are using stolen and weak passwords as an easy way in. We still love to hate those dreaded password policies, but they only work if you mix up your passwords once in a while and don’t use the same one for everything.

Once you have those passwords reset to a shiny, new one, don’t be seduced by a phishing attempt. The report cites that 1 in 14 users will fall for phishing and the consequences could be more damaging than in the past since phishing and malware often double team. It’d be a big headache, obviously. Be vigilant and wary of random password prompt screens. There’s a super nasty Google Doc phishing scheme floating around right now that’s very convincing. If the phish has snagged you already:

Check your Google account’s app permissions. There should not be an app called “Google Docs” there — actual Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting “Remove.”

Oh, and change all your passwords, pronto. Google reports they have the phishing issue handled but I would be wary still.

Since last year’s stats are also miserable, I can guess what next year will bring. Pay attention, people! We clearly haven’t learned our lessons yet.

Image: Pixabay.com

Related articles

Tracking Charitable Donations? Now There’s a CPA-Developed App for That

In more non-iPad, Apple-related news, we learned earlier this week about iDonatedIt, an iPhone app developed by BMG CPAs in Lincoln, Nebraska. The app is designed to track all non-cash charitable contributions whether it be clothes, furniture or family members (okay maybe not the last one). This will allow you to track all of your donations to Goodwill, Salvation Army, etc. rather than receiving that crappy receipt they give you that has nothing on it.

Being interested in all things accountant-ish, we got in touch with BMG to find out how this bit of ingenuity came about.

We spoke with Todd Blome, a partner at BMG who came up with the idea and he told us that as soon as he got an iPhone he was thinking of ideas for apps that would be useful for his clients. Since Todd is the tech-savvy partner at BMG, (he heads up their IT consulting services) he started kicking around ideas right away and eventually landed on the idea for iDonatedIt.


Todd told us that the development was fairly simple and that there were only two test versions prior to releasing the app.

“So far we’ve 100% positive feedback on iDonatedIt,” Todd told us, “We’re definitely looking for suggestions for improvements or add-ons.” The one idea that has been floated to Todd was adding a tax savings tool to the app so that a user could determine how much tax savings would be created by the donations. “That will probably be in version two,” he told us.

iDonatedIt retails for $2.99 at the app store and as Todd noted, “a donation of one item pays for the app.” A version for the Droid is currently in the works as well.

Todd and the rest of his team at BMG are kicking around a few more ideas for apps but he said they want to make sure iDonatedIt is working as well as possible before committing to another project. Check out the demonstration below and jump over to the firm’s website or follow them on Twitter to give them your feedback.

Shoeboxed: Saving Accountants One Nightmare Client at a Time

Last week we briefly mentioned Shoeboxed.com and how they can make all your shoebox receipt toting clients disappear. Not only that but it may save some of your more aggressive employees the trouble of explaining why they punched out the deadbeat who showed up with their receipts on April 15th.

We were fortunate enough to spend some time with Stacy Chudwin, the Company’s Director of Communications, to learn more about the Durham, North Carolina Company.

Stacy told us that the Company got its start by servicing small businesses who wanted to avoid the hassle of tracking expenses by keeping a mind-numbing amount of receipts around, “Businesses can simply compile all their receipts, send them to us and we scan, enter the data and categorize them.”


Now the Company offers an “Accounting Professional Plan” which allows CPAs to do the exact same thing for those clients who aren’t so organized with their bookkeeping, “CPAs can either have their clients send us the receipts directly or they can send us the shoebox that gets dropped off on their desk and we’ll take care of the rest,” Stacy said.

Once all the data entry is finished you can access the information via your business’ account and for CPAs, you can create sub-accounts for each individual client. These reports can then be exported to a number of applications including QuickBooks, Quicken, Excel, and others.

The Company has also developed a free iPhone app that will extract all the information from a photo of the receipt. So for you Holiday Inn jockeys out there, you don’t have to stuff all your receipts in your suitcase and try to decipher everything you spent two weeks later.

“So far all of the feedback from our clients and users of the mobile apps have been great, however everyone wants more features both in their accounts and for the app,” Stacy told us.

Stacy also maintains the Shoeboxed Blog, which is updated a few times a month and has areas for “Small Businesses”, “Taxes”, “Budgeting” and “Shoeboxed.com Resources”. She also informed us that they have a very active Twitter account, “We like to use Twitter to make announcements, to highlight recent press, and to retweet some positive feedback from followers, but we will also respond one-on-one if a user has an issue and reaches out to us via Twitter.”

If you’re not hip to the whole Twitter thing the Company has online customer support and a toll free number for all your questions.

The Company has several different plans for both businesses and accountants and both come with 30 day trials. So if you’ve more nightmare clients than you can count, what are you waiting for? Thanks to Shoeboxed, now you can add more clients instead of wanting to physically attack them.