No one is safe. Not big credit agencies or large CPA firms (not even my former employer, Deloitte). Not hosting providers or the National Health System, and even Target was a target... The big players have special facilities, plenty of resources, highly trained IT staff, and, one would imagine, procedures that fill volumes. And yet, they were hacked.
How can the rest of us expect to protect that li'l ole server we have safely secured in the closet in our back office?
Do you fear the cloud? I fear the closet more.
If that server in the backroom gets hijacked, what resources can I bring to bear to recover the information? I might have data backups, but what about all of those applications I have to reload before I can be up and running? I don't have armed guards on that closet. What happens if an "intruder" walks in and spills their Diet Coke on my server? And what about those backups I'm making? Are they just incremental backups or full records? Are they usable? And where are they stored? Offsite or on? And how big is your budget for paying ransom in the event your data is maliciously encrypted?
As it turns out, what often stands between us and a cybercriminal is nothing more than a password, or a missing patch, or a single user error that spreads from system to system. Armed guards don't help in those situations at all - unless you use them to keep all of your employees completely out of their computers, or have them put down their weapons and start updating all of your software.
The right providers can implement steps to minimize intrusion - including two-factor authentication, stringent password conventions, and limited administrator rights. They can employ state-of-the-art detection software to trap unusual activity the moment it happens.
But if we assume that hacking is inevitable, the question is what happens after that. How soon will an intrusion be detected? What containment measures will be applied? What resources will be applied in the recovery effort? Do you trust your solution provider to protect your data and your applications? And what is in the fine print of your contract or service agreement? How much expertise does your provider have and can they provide support around the clock?
At the end of the day, we need to know the humans who stand behind the companies with whom we entrust our systems, our data, and ultimately our livelihood. We must, after all, rely on those humans to protect us from ourselves.
By: Geni Whitehouse, CPA, CITP, CSPM
Geni divides her time between working as a winery consultant at Brotemarkle, Davis & Co in the Napa Valley and writing, speaking, and tweeting about what some might consider nerdy subjects. She is a co-founder of Solve Services, which provides remote bookkeeping services to companies in the wine industry. As a former partner in a CPA firm, two-time software company executive, and recent CMO of a tech startup, she has a passion for applying technology to solving business problems. She has been named a Top 100 Influencer by Accounting Today, one of 25 Thought Leaders in Accounting, and one of the 25 Most Powerful Women in Accounting by CPA Practice Advisor.