This is the year that false tax return filing really made the news in a big way. First, there was the exfiltration of return data from the IRS Get Transcript website, where many American taxpayers lost personally identifying information. Now there is news of an attack by a Bulgarian cyber-criminal against the networks of four unidentified accounting firms, and the theft of the tax and personal information of around 1000 clients. This crook has been extradited from Bulgaria by the FBI and recently pleaded guilty, and will be serving time in one of our fine federal prisons.
Nevertheless, this information has been sold to other cyber-criminals, and can be used for many other purposes including signing up for credit cards or loans.
So what can you do? Well, unfortunately, not a lot, because in this case your security depends on the actions of your accounting firm. I do think it is time to being asking pointed questions about the network security of not just your accountant, but other vendors including your bank, brokerage, and vendors or suppliers to your business who have access to your network. Your security is only as good as the weakest link, and if that weak link is another company, nothing you do will protect you from their inaction or poor decisions.
I have begun to see these questions being asked of my small business clients by their sometimes much larger enterprise-class business customers and partners. These types of inquiries always seems to spur a business owner to action, with the risk of losing a big client because they find out you have not properly secured your network to protect them. This is how changes will take place, as customers and clients raise their expectations and demand proof that their records and accounts are properly secured. So speak up, and ask the hard questions, and listen to the answers. If they are speaking in vague platitudes, dig deeper. Threaten to walk. This is the way that change happens.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com