While speaking at a recent accounting conference on forensic accounting, a participant asked about “best practice” suggestions pertaining to technology safety. Clearly this is a very broad and ever-changing topic. This article is an attempt to capture some suggestions and to raise awareness, as most of us need to maintain at least a minimum level of technological knowledge. Further, many of the underlying issues discussed below can be applied to our smart phones, tablets, and other technological toys.
Keep in mind that these suggestions are coming from a technology centric accountant, NOT an IT specialist. Accordingly, depending upon your needs, you may want to consult with an IT specialist.
Password Security
Passwords should be a mix of at least 8 characters, consisting of upper and lower case letters, numbers, and symbols. We typically have 30 to 50 websites that require some sort of a password. How can you possibly keep them straight?
People are often lazy and take shortcuts. It is these shortcuts that cause problems. It isn’t uncommon to find people who store their passwords on sticky notes by or near their computer. The other common error is using the same password for every website.
There is password vault software (and apps) available which offers robust encrypted security. The benefit is that you only need to remember one strong password to unlock the vault – then the vault can access all your other sites. One benefit here is that many of these apps are cloud-based, meaning that you can use them on multiple devices (such as tablets and cell phones). As an alternative, you can also keep a file with all your passwords listed (such as an excel file). Just make sure the file is encrypted.
Network Security
Most of us have a wireless network (WI-FI) at home. When was the last time you replaced your router? As technology advances, it might be time to update your router. Your router should be password protected and not an open network. Further, the network should be encrypted using WPA or better yet WPA2. If your router is using WEP (especially 64 bit), it is probably time to replace it.
Like your main WI-FI network, many homes use WI-FI extenders to provide WI-FI access to some “dead zones” in your house. The WI-FI extenders should also offer WPA / WPA2 encryption.
On a positive note, you may find that updating your Wi-Fi router provides you with faster Internet access and streaming.
Computer Security
Your computer should require a logon password and be running an anti-virus software at all times. Services such as Norton Security, Kaspersky Lab, and McAfee are among the most popular. Your service should be set up to download any updated databases on a regular basis to help provide you with the highest level of security.
You should be careful with downloading files from the Internet and clicking on links on websites and within emails. Always hover your cursor over the hyperlink without clicking it to see what the address is for the hyperlink. If the address appears suspicious or if it is taking you to an unexpected site, do not click on it. A common phishing scheme involves receiving an email from your bank (or other financial institution) indicating that you need to update your password, with a link within the email. The email may look like it’s from your bank, but it really isn’t. Instead of responding or doing something within the email, you should log on to the bank’s website and follow up from there.
For financial transactions or anything requiring security, make sure that your Internet connection is secure, using an HTTPS connection instead of HTTP. Data transferred through a HTTP is not encrypted and can possibly be intercepted and read. If data on a secured connection is intercepted, the information is essentially meaningless.
External Storage
External hard drives and other storage devices should be encrypted. Many such drives can be bought with encryption capabilities. If you lose your external hard drive or USB flash drive – the files would largely be inaccessible to the person who finds them.
Since we are speaking about external storage, make sure your files are being backed up on a regular basis. Your backup can be on a local backup device, on a cloud-based service, or perhaps both. If you are using a local backup, it might be a good idea to periodically backup “the backup” and store that secondary backup at an outside location. This helps provide a piece of mind in the event of a fire, flood or other catastrophic event that affects your home.
Files
Sharing files with sensitive and or confidential information may require some extra protection. Prior to emailing such documents, most individual files can be encrypted. For example, Microsoft word and Excel files have encryption capabilities embedded. Similarly, you can encrypt PDF documents with ease. One suggestion would be to obtain the recipients cell phone number and text him/her the encryption key to unlock the document. Once you have the document encrypted, you can email it. The benefit of sending the encryption key to a cell phone is that it provides a second level of protection to potentially compromised email or even worst email sent to the wrong address.
Surfing the web from outside your home
Many of us search high and low for those free Wi-Fi locations, to provide us with hours of free Internet access. It is important to note that you should always exercise caution. First, find out the name of the Wi-Fi connection. Someone nearby could easily set up a hotspot connection with a similar name. Connecting to such a hotspot could compromise your data. Secondly, if the Wi-Fi connection is not secured, your data could easily be compromised as well. If you choose to connect to public Wi-Fi’s, I would suggest that you only use the connection to view news and general informational websites. If you can logon to a VPN (virtual private network), your security is better but your information can still be compromised.
If you find yourself in situations where you want to do more than just read news; instead of accessing free and unsecured Wi-Fi, consider purchasing a MiFi router from your cell phone provider. The MiFi acts as a mobile hotspot and encrypts the data being communicated. Most of the MiFi routers allow you to add numerous devices, so that several people can access service at the same time.
Paper
Although this article is on computer security issues, we should at least mention a few issues pertaining to paper. We still receive and generate many important papers. Such documents may contain social security numbers, healthcare records, and other information that you may not want others to see. Your most important papers should be kept in a secured location, such as a fireproof safe, or safe deposit box. Important personal documents should be locked away and out of the eyesight of household workers and intruders.
Every household should have a shredder. If your shredder is old and is a strip-cut shredder (cutting the paper in long strips), it should be replaced. Your home shredder should be a cross-cut (cutting the paper into small pieces), or a micro-cut (cutting the paper into confetti). New shredders also have much better safety and auto-stop features and should be a considered – especially for households with pets, small children, or elderly. You should get in the habit of shredding all documents with personal identifiable information on it. Many shredders also can dispose of credit cards and CD-ROMs.
Conclusion
In this ever-changing world of technology, you need to make sure that your equipment and infrastructure are current. Like locking your doors to your house, your household Wi-Fi should be encrypted and current. Passwords should be maintained in an encrypted file or on an encrypted password app. When out of your home, you should practice “safe-surfing” practices by not visiting any sites that require log on credentials. If you need a more secure connection when visiting your favorite coffee shop, consider getting a MiFi router.
It is difficult to stay current in such an ever-changing field. Unfortunately, it is incumbent upon us to do our best to stay current as new technology threats seem to appear on a weekly if not daily basis.