Phishing Scams During Tax Season – Protect Your Personal Information

Phishing schemes, especially during tax season, have become very widespread.  A little extra caution can go a long way to avoid the threat of refund fraud or identity theft.

The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.

Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urges taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.

Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information!  If you receive suspicious emails forward them to phishing@irs.gov. Never open an attachment or link from an unknown or suspicious source!

IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.
  • Remember: Scammers Change Tactics — Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.

Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”

Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

 TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.

How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.”3

Additional Scam-Related Information:

Security Summit – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.

IRS Security Awareness Tax Tips

Tax Scams — How to Report Them

State ID Theft Resources – State information on what to do if you or your employees are victims of identity theft.

IRS Dirty Dozen – The annually compiled list enumerates a variety of common scams that taxpayers may encounter

 If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:

  • Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: irs.gov/pub/irs-pdf/f14039.pdf.
  • Send a proof of your identity, such as a copy of your Social Security card, driver’s license or passport.

After doing that, make sure to:

  • Update your files with records of any calls you made or letters you sent to the IRS
  • Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
  • Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report

 

Sources and References:

1 http://www.vanderbloemengroup.com/articles/irs-impersonation-telephone-scam

2 http://www.irs.gov

3 http://www.irs.gov

http://usa.gov/business-taxes

http://www.aarp.org

https://taxadmin.org/

https://treasury.gov/tigta/

Spring Cleaning? 4 Options for Discarding Old Hardware

Whether replacing old equipment with something new or simply cleaning out the office and getting rid of some old devices, we all have the same question on our mind.  What do we do with all this old technology?

We live in a world where technology is considered obsolete after only a few years. And if you are like many people I know, you have a drawer, closet, or room full of old devices. Unless you want to make a guest appearance on “Hoarders,” it is best to discard them. But how? You can’t just bring it to a landfill. (Those toxic materials regulations will get you every time!)

Before considering what to do with the old devices, it is vital that all data is properly removed. Simply deleting them from your recycle bin won’t do the job. Even if you can’t see the files, they still exist on the hard drive. It is therefore important to have the hard drive wiped or destroyed. Here at Bryley, we perform data erasure crush the drives to ensure the data doesn’t fall into the wrong hands.

We have come up with 4 possible options when discarding old hardware:

  • Reuse/Repurpose – Since many devices use similar parts, you may consider keeping one or two spares. Accidents happen and you never want to be in a situation where you don’t have a backup device. I, personally, keep one prior phone and laptop, just in case. I would rather have it and not need it, than not have it and need it.
  • Donate – Why not help those that are less fortunate by donating a device you no longer need. There are many organizations that would love to have second-hand items. When it comes to donating mobile devices, I usually drop them off at my local police station for either Phones for Soldiers or for those in domestic violence situations. Phones for Soldiers will sell the phones to purchase phone cards so that members of our military can stay connected with their loved ones. The police will often give old phones to individuals living with domestic violence. These phones can be used to contact emergency personnel even if there is no SIM card. Here at Bryley, we take older PCs, wipe them and display them in our window with a request for $15 to be donated to the Hudson Food Pantry or the Hudson Boys and Girls Club.
  • Donating to an after-school program is another great option. Some children do not have a reliable computer at home. It can therefore be challenging for them to complete their coursework.
  • Recycle – Recycling your devices is another viable option. Here at Bryley, for a small fee, we will responsibly recycle your devices and ensure that it is properly taken care of. Most stores that sell computers, and towns that have a program for responsibly disposing of your devices, will help you recycle your devices. They follow specific EPA protocols for disposing of the toxic materials within computers, laptops, printers, and mobile phones. Most towns have set dates for these programs, so it’s best to contact your local DPW (Department of Public Works) to inquire when the drop-off program will next be available.
  • Sell – Another option when considering getting rid of old hardware is to sell it. Technology is a depreciating asset, so if someone is willing to pay you for a device that you were going to dispose of, why not do it? There are numerous outlets for selling your old devices – Craigslist, Gazzelle.com, and eBay, to name a few. You can always leverage your social network as well.

If you would like assistance in donating or recycling your older devices, call us at 844.449.8770 or email us at ITExperts@Bryley.com. We are here for you.

Bryley Basics: Password Protection

Passwords are typically stolen during what’s called a phishing attack.

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate, so beware!

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.

Another way passwords are stolen is simply due to the face that some people use weak passwords.  If it’s easy to guess your password, then you have put yourself at greater risk of suddenly becoming a victim.

So, how do you stop someone from stealing your password?

First you will need to be aware of what real websites look like so that you know what false ones look like. If you know what to look for, and are suspicious by default each time you enter your password online, it will go a long way in preventing successful phishing attempts.

Each time you get an email about resetting your password, read the email address it’s coming from to make sure the domain name is real.  It usually says “something@websitename.com.   For example, “ITsupport@YouBank.com” would indicate that you’re getting the email from YourBank.com.

However, hackers can spoof email addresses too. Therefore, when you open a link in an email, check that the web browser resolves the link properly.

If you open a link that appears as “YourBank.com” and the link changes to “SomethingOtherThanThat.com, then you need to exit the page immediately.

If you’re ever suspicious, just type the website URL directly into the navigation bar. Open your browser and type “YourBank.com” if that’s where you want to go. This way you can ensure that you are on the legitimate website, and not a fake one.

Another safeguard is to set up two-factor authentication (if the website supports it) so that each time you log in, you not only need your password but also a code. The code is often sent to the user’s phone or email, so the hacker would need not only your password, but also access to your email account or phone.

If you think someone might steal your password using the password reset trick mentioned above, either choose more complex questions or simply avoid answering them truthfully to make it nearly impossible for a hacker to guess.  Simple passwords need to be avoided, it’s that simple.  If you need help remembering your complex passwords, you can store your passwords in a free password manager.

It is always advisable to store sensitive information like your credit card or bank details, within online accounts that are hosted by companies you trust. For example, if an odd website that you’ve never purchased from before is asking for your bank details, you might think twice about it or use something secure like PayPal or a temporary or reloadable card, to fulfill the payment.

When in doubt, don’t click.  Legitimate organizations will not ask you to disclose personal data via email.

March 31st is World Backup Day – Create a Properly Planned Backup Process

With March 31st being World Backup Day, it only seems right to talk about the importance of having a well-planned backup process.  Every day we read about malicious attacks on organizations, and there is no doubt that these attacks, especially ransomware, will continue to grow drastically in 2018.

Ransomware is a form of malware based on encryption software that seeks payment (ransom) to undo the damage it causes; when infected, the malware typically encrypts all data files, rendering them useless until the ransom is paid.  Encryption software scrambles a files’ contents and creates an encryption key, essentially a code used to reverse the process.  Unless you have this key and the encryption software, the files remain unreadable.

Ransom prices will vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoins.  Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards.  Paying the ransom is risky, and not recommended.  It will not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system, and it potentially will make you more of a target in the future.

The only way to thwart ransomware is by restoring the corrupted files through a backup that was created before the infection.

A properly planned and implemented backup process is vital since data stored on a network server represents many hours of effort over time, making it impractical and usually impossible to recreate.  A properly functioning, multi-point-in-time backup is necessary to provide restoration under these and other scenarios:

  • A server fails
  • A file is deleted
  • A template is written over
  • An application upgrade fails and must be restored
  • A document is inadvertently changed and saved by a user

A backup should be a complete, recoverable copy of not just data, but the entire server/network environment.  It should have these properties:

  • Sequenced over many days
  • Complete image
  • Offsite storage

If you’re ready to get serious about protecting your business data, select a talented company, like Bryley Systems, to help you implement a Backup/Data Recovery solution to eliminate weak links in your security chain.  Let us help you develop an organization-wide policy to help prevent data loss.  Please contact us at 978.562.6077 or Email us today.  We are here to help.

5 Reasons You Need a VPN Policy

The security of your business is heavily dependent on the ability of employees and executives alike to stay safe wherever they go. They need to make sure their online activities remain unimpeded and that public networks don’t become a data leak risk. Such a leak could damage your company’s reputation and set your business back months.

One of the main tools used to help businesses overcome these obstacles is a Virtual Private Network (VPN), which is a service that can connect a user to an offsite secure server using an encrypted connection. The encryption allows people to keep themselves safe from hackers on public networks (or any unsafe network). The server hides their IP address, allowing them to keep their activities anonymous and get access to restricted or blocked websites.

teamwork

All of these things are great, but VPNs can also cause confusion if not used uniformly or correctly. A “bring your own VPN” policy can prove disastrous for several reasons. Your business needs a standard policy, and here are the five main benefits of instating one:

You Can Better Manage the Configurations

Sometimes VPNs need to be managed to work best for the company. If you have a universal VPN policy or even a universally proscribed VPN for employees (in which case it would be recommended to provide access with company funds to facilitate control), then you can know that everyone has settings acceptable to the interests of the company by making those mandatory settings clear. No one will feel as though another has an unfair advantage as well.

You can use these to limit access to certain websites or regions, or simply help people who don’t know better maximize their speed and access. This kind of plan is absolutely essential if you plan on setting up your own VPN server at your company (although this should only really be done by large organizations), as messing around too much can make things more difficult for other users. It might be worth it to include a “tips and tricks” section next to them.

Uniform Universal Access

Any business should know what their employees are capable of not only in their skillsets but in the tools they are using. If you don’t have a general VPN for the company and everyone is just using their own, you might find that someone’s tool isn’t up to par with what the company needs. In the worst case scenario, someone might download a VPN application that is malware in disguise, not checking up on the service first. This could lead to a massive data breach in addition to dropped communications at a potentially crucial moment.

If your company decides upon a singular (and well-reviewed) VPN to work with and provides access or subscriptions to all relevant employees, then it will be easier to work with those remote and travelling employees knowing that they all are getting the same level of access. Chance and circumstance will be removed from the equation, and your IT specialists will be thanking you for months.

Exact Knowledge of Security

If you have a strong VPN policy that is regularly enforced, you can work under the assumption that all employees using a VPN will have a set level of security wherever they go. This allows you to send and receive sensitive information with much less risk, because unfortunately not all VPNs are created equal.

You don’t want some employees vulnerable to cyberattacks and cyberespionage while others are fine. They might feel emboldened in their security practices by the fact that they use a VPN. In your policies you need to reiterate that danger doesn’t go away entirely due to VPN use, and by having company-wide policies, you can focus on what dangers still prevail. A VPN policy will remind people that it’s not a panacea, but it should always be used.

Rules and Guidelines

People use VPNs for different reasons. Some of those reasons are strictly security related, and others are related to torrenting or pirating files. Most people wouldn’t think to download the latest box office hit on their VPN at the office, but such things do happen, and you need to be prepared for any situation.

If you have a VPN policy, then your company can clearly spell out what VPNs are to be used for and what is acceptable online behavior. Some of it can relate to already existing technology guidelines, but even those should be reiterated in your VPN policy (it won’t do any harm). No one will be able to say they didn’t know better, and clear action can be taken if these rules are broken.

Usage Control and Easier Management

Something you will want to take into consideration is who you allow to use a VPN. If your company is providing VPNs and has strict rules surrounding them, you should only allow employees to use them, not friends and family members. They might have good intentions but later cause a data breach or other critical issue down the line.

A policy will allow you to manage potential issues such as these with little difficulty, and having a pre-selected VPN and policies means that you or someone else can spend less time learning about different VPNs and more time focusing on a single one to optimize. You will be better able to know about potential activity and potential problems, letting human concerns take the forefront.

phoneBlue

VPN guidelines aren’t too difficult to come up with, and in the long run, they will save any business a good deal of time and resources. Implemented correctly, employees won’t have any problems adjusting to them and the company will be safe with a full array of useful information available at all times.

Do you think there are any other reasons that a company should have VPN guidelines? Do you have recommendations of your own that you would like to share with your fellow readers? Any stories regarding a “bring your own VPN” policy that didn’t work out? The sharing of information makes us all improve, so please leave a comment below and continue the conversation about this important tool.

By Cassie Phillips
SecureThoughts.com

The Internet of Things: Convenience vs. Risk

The Internet of Things (IoT) is everywhere.  These convenient devices are in our homes and offices as well as in our pockets.  Along with the convenience they provide there are some security risks associated by using these devices.  There have been a number of known security breaches reported in the news regarding this topic, and those breaches included massive distributed denial-of-service (DDoS) attacks, and botnet hijacking attacks which have caused major disruption to organizations.

What is potentially affected?  All those devices that communicate and can be accessed via the Internet based upon their IP addresses.  That would include traditional office equipment such as copiers, printers, video projectors, and even televisions in reception areas.  Some of the less obvious devices would be climate control, motion detection systems and security lighting systems which are equipped with remote access can be controlled over the Internet. And, don’t forget the smartphones and smartwatches – these personal devices play a role in a company’s security.  These devices create access points and the best way to be secure is to define a policy to put protections in to place.

Many IoT devices are produced with the very basic software, which often can’t be updated.  As people become more aware of risk, some IoT devices are being brought up to current security standards with periodic firmware updates.  It’s a good start, but the majority of internet-ready devices cannot be integrated into the conventional IT hardware or software protections with which companies protect themselves against internet-based attacks. The variety of new internet-ready devices brings a mass of new data traffic to the network that must be managed and secured by IT departments. But it’s complicated by the variety of network protocols used by all of these various device types.  These devices are being used for personal and business and sometimes the lines of use will cross.  The integration of personal devices will pose a security risk simply because more and more attacks on companies are started against individual employees. As an example, if a device is infected with malware or a virus, it can be used to gain traction and then wreak havoc when it connects to the company’s network.  The tricky part is defining who should be responsible for IoT security – however, it is an important step.

The first consideration you need to make is whether or not connecting a particular device will be a large enough benefit to be worth the inherent risks. Depending on the device, an IoT device could be used to spy on you, steal your data, and track your whereabouts. If the device in question directly offers you a helpful, worthwhile utility, it may be worth the risk. If the connected device serves little purpose beyond its novelty, or its purpose could just as easily be managed by a staff member, it is probably best to leave it disconnected.

By taking inventory you have a benchmark as to all the devices that will connect to the Internet.  An organization should evaluate every single device that is added to the network.  Desktops, laptops and servers are generally tested extensively but mobile devices should also be added to the list.  Oftentimes devices are ignored even though they actively communicate over the network, and strict attention should be given to those devices that send data.  It’s very important to set guidelines for the use of IoT devices.  Be sure to define which devices are permitted on the company network and what data exchange with the network or Internet is desired.  The proper security technology will prevent unwanted traffic.

IoT introduces additional complexity for security.  Organizations are advised to monitor the data traffic to and from IoT devices in their network. Perimeter-based solutions are not adequate in today’s IT environment because users and apps can no longer be contained inside a organization’s network, behind a clearly defined protective wall.  Organizations need to evaluate new security concepts that have already proven reliable as workplace tools of mobile employees and remote offices.  For example, a protective shield from the cloud can scan all incoming and outgoing data traffic for malicious code, regardless of the device used.  With cloud solutions, organizations gain control of all internet-based traffic and can actively manage which communications are permitted or should be blocked. This can include preventing the printer from automatically ordering toner and restricting all other devices to a minimum amount of communication on the web. You should also make sure that the environment that you are using an IoT device in is as secure as possible. Making sure that your firmware is updated will ensure that you have the latest security patches and fixes for the various exploits and vulnerabilities that the IoT may present. If possible, this process should be automated so that your IoT devices, as well as your router, are fully updated.  It may also be a good idea to check if your router supports guest networking. With guest networking, you can keep potentially risky IoT devices off of your main business network, protecting its contents.  Organizations should always make sure that passwords are in line with best practices, and that you are not reusing passwords between devices and accounts. Following these guidelines means that even if one of your accounts is comprised, the rest of your accounts are safe behind a different set of credentials.

Ultimately, the best way to keep your organization safe from IoT issues is to establish rules regarding the use of these devices and monitor their permissions. Extending the consideration of whether or not a device needs to be connected, you need to establish if it even needs to be in the office. After all, a smartwatch can offer some business utility, whereas a smart trash can (which does in fact exist) does not.

Monitoring your organization’s network can help you identify if any unapproved devices have made a connection.

The Importance of BU/DR in the Manufacturing Industry

What would happen to your organization if plant production was taken to a halt?  How would you get it back up and running?  Or, could you?

Whether the disaster is caused by mother nature, a human error, a cyber-attack of some sort (and yes, there are many types), it can wreak havoc on your organization – it can even take the company down to its knees.  Each moment of downtime equates to lost dollars and lost customer satisfaction. Manufacturing firms have to effectively ensure that production and distribution is consistent.

Technology is used throughout manufacturing in many ways – to store data, run automated machinery on the plant floor, track inventory and support distribution. Your technology is intertwined with your business processes and if you suddenly weren’t able to use those processes, it could be a catastrophic situation.

A few scenarios of how a disaster can disrupt manufacturing, and what you can proactively avoid it.

Halt in Production.  Complex automated equipment and inventory tracking are just two processes that are severely influenced during a disaster. Do you have a recovery plan in place for a worst-case scenario?  Production logistics may be the most challenging area to recuperate, but having a strong backup and disaster recovery (BU/DR) plan safeguards data and allows for immediate access to mission-critical applications.

Whether your organization experiences a cyber-attack, or even a power outage that shuts down productivity for several hours, all of your applications used to run the automated machinery will not work because the system cannot connect to the network. Depending on the size of your plant(s), you could be facing up to millions of dollars in lost revenue and customer reimbursement.

BU/DR To The Rescue.  If your senior management team turned to a BU/DR expert – like Bryley Systems –  to assess the possible vulnerabilities associated with an outage and developed a proactive plan to recover and access data, your BU/DR provider would be able to access your data and apps to get your operations back up and running with a minimum amount of downtime.

Halt in Distribution.  Downtime is never acceptable when it comes to distribution.  All schedules must be strictly followed to satisfy delivery expectations. Customers don’t care if your warehouse floods.  They want to receive their order on time. Logistics management utilizes computerized tracking and ERP systems to understand how many products are stored and where they are at any given time to enhance product readiness and customer fulfillment.

Imagine this scenario – you work as an IT Director for a large New England pharmaceutical manufacturing company. Your network is more vulnerable to external hacker attempts simply due to the size of your business and the value of your data.   All of a sudden, your systems are corrupted with vicious malware and the entire database is inaccessible. To continue operations at your normal efficiency level and avoid downtime, your backup and recovery disaster plan kicks in to eliminate the malware and restore your plant data to where it was before the attack. Investing in a custom BU/DR plan serves as disaster protection ensuring your ability to move products to their destination.

The key to effective disaster recovery is planning ahead. Partnering with a BU/DR professional to support your critical infrastructure and resources adds additional layers of security and communication. When unexpected disasters strike, your recovery strategy will be there to save the day by restoring your data and reducing your downtime.

 

The Bryley BU/DR process:

  • For on-premise equipment, we deploy a BU/DR appliance onsite to provide local backup-and-restore capability and to speed recovery.
  • We take an encrypted image of your system and copy it to our data center.
  • We stream encrypted, differential changes from your site to our datacenter

Isn’t the survival and security of your manufacturing organization worth the investment of BU/DR?  Our team of experts will help you navigate through this process and implement the most effective BU/DR tailored to your environment and budget.  Contact us at 978-562-6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

How CPA Firms Can Benefit from Managed IT Services

Let security and confidentiality be your watchwords!

When it comes to safeguarding your CPA firm’s confidential data, there is zero tolerance for risk. CPAs rely upon various forms of technology to gather data – whether it is a tax return or an independent audit.

CPA firms have made great strides by implementing such technology as electronic data management systems, client portals, and cloud-computing systems. However, records maintained by CPA firms must remain confidential because of professional standards, statutes, and regulations governing record retention. Data breaches can happen in numerous ways, including the following: fraud, hacking, improper disposal of data, or even a lost or stolen device.

A CPA firm will need their IT department (or an outsourced Managed IT Services vendor) to implement and maintain a comprehensive list of data and network security controls. It is helpful to understand the basics:

Perimeter security. This first line of defense includes firewall and intrusion detection systems, in addition to intrusion prevention systems. These should be configured with appropriate restrictions to block and filter both incoming and outgoing Internet traffic.

Endpoint security. Endpoint security requires each computing device on a corporate network to comply with established standards before network access is granted. These measures protect the servers and workstations and include safeguards such as administrative access limitations and anti-virus protection.

Network monitoring. Part of the control environment should include a frequent and ongoing monitoring program for all IT systems.

What We Do

circles

Comprehensive Support Program™ (CSP) — Bryley provides ongoing, proactive maintenance and remediation support to ensure a stable, highly-available computer network. Our most-popular Comprehensive Support Program (CSP) consolidates all end-user devices (mobile and desktop), servers, and computer-network equipment issues into one, Bryley-managed, fixed-fee program. Among the many services delivered under the Managed IT umbrella, Bryley installs and manages all software updates and patches.

Secure Network™ (SN) – An ongoing, managed-IT service that prevents intrusion, malware, and spam from entering the computer network through its Internet gateway and can restrict web-site surfing to inappropriate sites.

Multi-Point Security Hardening Service™ (MPSHS) – A periodic review to harden your computer-network security by reviewing/updating policies and configurations and testing. With this program, Bryley Systems can help your organization comply with the technical aspects of Massachusetts 201 CMR 17.00.

If you are looking for a business partner to help you navigate the ever-changing technology and cybersecurity landscape, we’re here for you. For more information about Bryley’s full array of Managed IT Services, Managed Cloud Services, and Cybersecurity Services please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.