Each year, the American Institute of CPAs publishes its annual list of the top technologies most likely to influence the accounting profession over the next 12-18 months. For the seventh consecutive year, “Information Security Management” was voted as the most important issue affecting IT strategy, investment and implementation.
If we do a good job protecting information, why is this topic ranked so highly, year after year?
The 2009 list also included “Privacy Management” and “Secure Data File Storage, Transmission and Exchange.” I’m not a fortune teller, but if I were making a prediction, “Security” and its subtopics would make the list – at least for the next few years and possibly well into the next decade.
I’m sure most CPAs and accounting professionals follow the basics when it comes to protecting information. For example, don’t keep yellow “stickies” with sensitive information near your computer, ensure firewalls are operating, and back up systems and data on a regular basis. And, for goodness sakes, don’t use your middle name as your password! Instead, create passwords that contain letters and symbols and do not refer to any personal information. In addition, remembering passwords is difficult; password management tools exist to help you store your passwords. I use the one included in my BlackBerry applications.
In addition to these basics, there are many other preventive measures you also could take that are not costly, yet help, and many are rooted directly in your operating system. This is something we take for granted because the system is always there without any reminder that it might need attention, maintenance or updating.
1. Operating Systems. We only have a few more months before Microsoft releases Windows 7, the follow-up to Windows Vista. Although Microsoft certainly will sell and support Vista for some time, and support Windows XP without any new sales, the new operating system is reported to be much, much better than its predecessors. Windows 7 includes many built-in security enhancements, including stronger authentication tools, user settings and biometrics. According to a Microsoft blog entry, Windows 7 introduces the “Windows Biometric Framework that makes integration easier and more consistent to help deliver enhanced reliability, compatibility and usability of fingerprint-based solutions.”
Although the majority of us won’t want to even begin to understand the technical aspects associated with these tools, it will be comforting to know that our operating system is working for us.
2. Malware. Unless you have an IT staff ready to deploy its knowledge, most of us have to rely on technology that runs in the background. I have a colleague with a home computer who always complained that his system was running slowly. Weary of hearing him complain, I suggested he download and run Windows Defender, an anti-spyware application that should capture and contain any intrusions that might cause the system to slow down.
It turned out the program was built in to Vista, but Defender wasn’t turned on. He activated it and it did find some instances that needed to be handled. While not significant to fixing his “speed” problem (turned out it was an issue with his memory), he can, at the very least, now be reassured that he is doing a bit more than before to secure his system.
Macs are a different story. The Mac operating system, now up to Mac OS 10.5.7, also has built-in security features. While Macs are reportedly not as prone to attacks as PCs, I don’t know many accounting professionals working on Macs due to the lack of mainstream accounting software support. For example, although Intuit offers QuickBooks for Mac, it’s not nearly as robust a program as QuickBooks for Windows. Still, no one needs to second guess any security measures for their operating systems; Apple is very adept at offering its users online resources to help protect information.
Nowadays, PCs cannot exist without anti-virus and anti-spyware. Malware – viruses and spyware – isn’t created by just a kid in the basement trying to see how much he can mess up other people’s computers. Malware comes from much more sinister sources, such as organized crime syndicates trying to get access to personal information.
A great resource for choosing an anti-virus program is cnet.com: click on reviews and use the search box to find “anti-virus.” Sort by date (the default is relevance) so you see the reviews for the current anti-virus programs first. Also note that anti-virus programs generally include anti-spyware, but not always in the basic edition.
3. Alerts and Firewalls. Whether you operate in Windows or Mac OS, make sure your alerts are always turned on to let you know to install all updates. Again, this runs without you ever knowing it’s working on your behalf. QuickBooks users, for example, have options to turn on automatic updates.
Beyond the operating system, there are many other steps you can take to secure your information. I mentioned firewalls early on as a “must-have.” I assume you’re running a firewall, but you should understand the distinctions between firewalls. For example, a host-based or personal firewall protects an individual system, such as a stand-alone PC. Conversely, a perimeter firewall will handle all traffic on your network. Since most of us reside on networks, the perimeter firewall is worth knowing more about.
There are a ton of resources on the Web that explain perimeter firewalls. In fact, it’s evident perimeter firewalls are not new based on the dates associated with some of the articles I found. However, a 2005 article from TechWorld should do the job because it offers a soup to nuts explanation.
4. Encryption. When it comes to protecting information, the best way is through encryption, with authentication and confidentiality as the main components of any encryption effort. However, do not assume your information is encrypted. Make sure by looking for the obvious signs, including digital certificates and signatures. Office 2007, for example, includes encryption technologies so that users can digitally sign documents for authentication and password-protect documents for confidentiality.
If I steal your computer/laptop, pull out the hard drive and plug it into my computer, I can read all of the data on the disk. Many office intrusions go after just the computers in the office likely to hold sensitive data for just that reason. In Vista, all you have to do to encrypt a folder is right-click on the folder, select Properties, click the Advanced button and check Encrypt contents to secure data. This will add a significant layer of protection. It is important to do this for all folders that have data or sensitive files. If sensitive documents are sent/received through an e-mail program such as Outlook, it’s important to apply this setting to the folder that holds all of the e-mails as well.
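A way to check the folder-encryption step above across several folders at once, as an added example that is not part of the original article: the script lists every file that does not carry the NTFS Encrypted (EFS) attribute. The folder paths are assumed placeholders, and it assumes PowerShell is installed and the Windows edition and volume support EFS.

```powershell
# Added example: audit folders for files that are NOT EFS-encrypted.
# Both paths are assumptions for illustration; replace them with the folders
# that actually hold client data and your e-mail data files.
$SensitiveFolders = @(
    "$env:USERPROFILE\Documents\ClientFiles",   # hypothetical client-data folder
    "$env:LOCALAPPDATA\Microsoft\Outlook"       # assumed location of Outlook data files
)

function Get-UnencryptedFile {
    param([string[]]$Path)

    foreach ($folder in $Path) {
        if (-not (Test-Path -LiteralPath $folder)) {
            Write-Warning "Folder not found, skipped: $folder"
            continue
        }
        # -Force includes hidden files; folders themselves are filtered out
        # so that only files still readable from a removed disk are reported.
        Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                -not $_.PSIsContainer -and
                -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
            }
    }
}

$missing = @(Get-UnencryptedFile -Path $SensitiveFolders)

if ($missing.Count -eq 0) {
    Write-Output "All files in the listed folders carry the Encrypted attribute."
} else {
    Write-Output ("{0} file(s) are stored unencrypted:" -f $missing.Count)
    $missing | Select-Object -ExpandProperty FullName
    # Command-line equivalent of the Properties > Advanced checkbox,
    # applied to a folder and everything under it:
    #   cipher /e /s:"C:\path\to\folder"
}
```

EFS ties the files to your user account's encryption certificate, so export a backup of that certificate (`cipher /x`) and store it off the machine; without it, the encrypted files cannot be recovered if the user profile is lost.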
5. Educate and Learn. The last reminder on information security is to educate yourself and your staff on a continuous basis. Sure, training sessions and/or CPE on tax and accounting are vital to operating your business, but you also must make time for smarter uses of your systems. For example, consider discussing security during staff meetings or bringing in a third-party perspective.
A smarter workforce is a more secure workforce. Begin increasing your knowledge and system security right away through some of these simple, proactive measures.
For more information on OS security: http://technet.microsoft.com/en-us/magazine/2009.05.win7.aspx and http://www.microsoft.com/security/default.mspx
---
Diana DiBello is director of Product Development for SpeedTax, a provider of sales tax software solutions whose primary goal is to educate and inform on issues related to sales tax compliance and reporting. DiBello previously was a senior manager in the State and Local Tax Services Group for Grant Thornton. Contact her at dianad@speedtax.com.