Seven ways to address IT vulnerability


When Mike Foster hears from CFOs about IT security issues, he gets the sense they’re focusing on a single hacking event here or there, instead of viewing IT security as a project that needs constant management and attention.

What Foster tells the CFOs is this: “We don’t want to fight alligators. We want to drain the swamp.”

It can become overwhelming to fight IT security issues individually. Hackers don’t take nights and weekends off, so having a plan to fend off attacks that seem to be growing in number and complexity is vital, especially these days. In the 2013 North America Top Technology Initiatives (TTI) survey, released by the AICPA and the Chartered Professional Accountants of Canada, management accountants ranked IT security as their top priority, slightly ahead of managing data.

Foster, who travels throughout North America performing IT security audits, offered seven key tips aimed at helping companies address IT vulnerability.

  1. Apply critical operating system patches to fix security holes: This sounds easy for individual updates, but it is more difficult than it sounds for companies, which might have to update hundreds of computers and servers.
  2. Apply critical security patches to applications: Foster said applications such as Flash and Java are often hackers’ first targets.
  3. Use long passwords when possible and complex passwords when short passwords are mandated: An example: If your password is “Vegas99,” consider changing it to “Veg@$99” or, if possible, “iLost@llmy$$$inVegas99.”
  4. Use spam filtering tools: Hackers attack by tricking users into clicking on a link or opening an attachment in email. Hackers are “pretty good at tricking users into opening stuff, especially if it creates emotion in the user,” Foster said.
  5. Use wireless networking securely: If you like, put a password on it. And educate your employees on the importance of not exposing company data to unsecured wireless networks while working remotely.
  6. If you accept debit or credit cards, take the necessary steps to become compliant under the Payment Card Industry Data Security Standard (PCI DSS): Briefly, Foster said, a business that adheres to PCI standards has the equivalent of a get-out-of-jail-free card in case it is found to have had a security breach regarding credit cards.
  7. Have a business continuity plan and disaster recovery plan so workers can keep working after a catastrophic event: This could be as simple as having a second internet service provider or a 4G card to back up a T1 line that gets severed by a wayward backhoe.

Neil Amato ( ) is a JofA senior editor.


How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.


Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.


News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.