MNCPA PERSPECTIVES

Why you shouldn't scoff at cybersecurity importance

Nov. 20, 2017  |  Faye Hayhurst, CPA

Have you gotten the message yet? Bad guys — hackers, phishers, cyber criminals — are out there and they seem to be targeting everyone. It’s big business; some entrepreneurs are even selling “hacking as a service” to would-be criminals.

If you haven’t heard the warnings, you’re not paying attention. And, yet, many of us still seem to be missing the point. For example, having passwords that aren’t easy to crack has been recommended for decades. So, imagine my dismay when I heard that the No. 1 word found in Wisconsin users’ passwords is “Packers.” (I guess Minnesota’s dearth of a championship football team has some advantage!)

Maybe we have become deaf to the cyber warnings because they are so frequent. Maybe we ignore them because we are overwhelmed by this seemingly huge topic. Maybe we think we can leave it to the tech people. Maybe we are fatalistic and think being hacked will happen whether we do anything or not. And, maybe some of us are still buying into the idea that ignorance is bliss.

The reality is that the threat is real and the risk will continue to increase. It’s no longer an area that is just turned over to the IT department. Business owners, board members and senior executives are including cybersecurity in their risk management activities, and they are seeking advice on whether they’re doing the right things (or whether the things they’re doing are enough).

What are some key things to be doing?

  • Use strong passwords that aren’t shared (bye-bye, Packers)
  • Install a firewall
  • Use anti-virus software
  • Patch and update on a timely basis
  • Don’t click! Don’t click! Don’t click!
  • Use secure websites: https://. The “S” following http indicates that.
  • Don’t use public Wi-Fi networks to access sensitive information

For businesses, the Center for Internet Security and the Council on CyberSecurity launched a Cyber Hygiene Campaign in 2014. According to these organizations, 80–85 percent of cyber incidents could be avoided by instituting these five steps of basic cyber hygiene:

  • Inventory authorized and unauthorized devices
  • Inventory authorized and unauthorized software
  • Develop and manage secure configurations for all devices
  • Conduct continuous (automated) vulnerability assessment and remediation
  • Actively manage and control the use of administrative privileges

No person or organization can do everything, and even the best security can often be thwarted by a careless or vengeful employee. But, if risk can be reduced by up to 85 percent, aren’t the odds of staying secure tremendously improved?

The cybersecurity warnings and admonishments will continue, which means there’s no time like the present to reduce your risk!


Topics: Technology

Faye Hayhurst, CPA

Faye Hayhurst is the MNCPA director of finance and administration. She is committed to using numbers to tell relevant stories, although she also employs words, charts and occasionally clothing to communicate a message. While some have questioned her about the pressures of being the CPA for the MNCPA, Faye considers presenting financial information to fellow CPAs a dream job. Outside of storytelling with numbers, Faye enjoys directing her church's handbell choir, visiting national parks and other scenic places, and checking out the chocolate products at Trader Joe's. Faye can be reached at 952-885-5540 or fhayhurst@mncpa.org.

Posts by this author


Comment on this post

* Indicates a required field.

Your name*:  

Your website URL:

Comment*: