We hear most every day about one type of security or privacy breach or another. It seems that many Americans have become a bit numb to the topic. Perhaps this is a product of the numerous detailed and required communications that are provided when a breach occurs, a lack of understanding, or the classic perception that “that won’t happen to me.” As you might imagine, the correct response is dependent on the particulars of the situation.
What is certain is that there are significant concerns regarding cyber security and identity theft. In the news, in the mail, even on the IRS website www.irs.gov, where there are any number of pages dedicated to the topic, and of course, on the Federal Trade Commission website www.ftc.gov.
Seeing so many stories, I began thinking, am I doing what I should to protect myself? I came up with a few ideas, including strong passwords, firewalls, not sharing my personal information, and certainly not clicking those email links from some bank, the IRS, or my long-lost uncle from Nigeria. Since I am not a high-tech expert, I decided to “interview” a couple of my super-smart IT Security consultant colleagues to see how far off the mark I was, and maybe even get some free, easy-to-follow advice.
Carl Cadregari and Brett Coburn from The Bonadio Group’s Enterprise Risk Management team were happy to offer some observations and suggestions.
Gail: Is there any simple way to explain the world of “cyber security.”
Brett: Basically, “cyber” has come to encompass all electronic representation of data and related technology. In other words, the Internet, your smartphone, websites that offer services like your bank, or (as you mentioned) the IRS. Also, social-media sites like Facebook, LinkedIn, etc.
Carl: Security, as it relates to information, means setting up defenses to protect information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.
Gail: Great, so what kind of defenses can I deploy to protect my information?
Brett: Well, the first thing you need to do is deploy sentries, meaning set up various methods to monitor your information. Good ways to do this are signing up for credit monitoring and identity theft monitoring. Most of the time, you can get this for free from a company that lost your information. (Most recently, this includes the government Office of Personnel Management.) These services will alert you when something changes in your credit report or if someone attempts to take out a loan using your information.
Carl: Additionally, set up alerts on your credit and debit cards. For example, you can set it up to get a text message every time more than $50 is charged. On the same note, continually review your transactions; sometimes the bad guys make multiple small-dollar charges that you might miss.
Gail: Ok, so I have my sentries, that is, monitoring set up. What about actual defenses?
Brett: You mentioned the obvious ones already: strong passwords and firewalls on your home network. Other good things to do include having a pin/password on your smartphone, and enabling encryption on it, and also installing anti-virus software on your smartphone and home computers.
Carl: Also, understand all your “Internet ready” devices in the home. Does your smart TV accept voice commands? Who else receives that data? Think about a home security system and perhaps a baby monitor. These items all have the capability for you to access them remotely, so the key is for you to set them up so that only you can access them and not just anyone on the Internet.
Gail: I do that and I’m secure, right?
Brett: Well, not exactly. One very key thing to remember is that once you have your defenses set, you are not done. Monitoring these is as important as setting them up. Make sure for example, that if you upgrade your TV’s firmware, your security settings haven’t been modified or reset.
Carl: Also be aware of when certain threats can occur. The recent holiday season is a good example; it was a prime time for scammers to send emails trying to get you to click on a link. These are usually disguised as “Check your FedEx shipping status” or “Your account is overdrawn.” In the next couple of months, you’ll see a lot of information about tax-return status and the like.
Okay, I feel better, I think. My take-aways are 1) pay attention, 2) put some safety measures in place, and 3) monitor, monitor.
Gail Kinsella is a partner in the Syracuse office of The Bonadio Group accounting firm. Contact Kinsella at gkinsella@bonadio.com