Safe Driving? Is Your Lap Strapped In?
September 1, 2006 from webCPA – “If you think this article doesn't pertain to you, your firm, or your clients-either because your business is too small, too big, or because it's the perfect size for guarding against IT security threats-think again.
Security woes even hit computer security software company McAfee, which in February had to warn some 9,000 current and former employees that their names and Social Security numbers were on an unencrypted CD that was lost after being left on a plane by an employee of auditor, Deloitte & Touche.
That same month, Ernst & Young confessed to some of its clients that their Social Security numbers and other personal data were lost on a laptop stolen from a locked car belonging to one of the firm's employees.
And closer to home, in May the American Institute of CPAs had to tell its approximately 330,000 members that a hard drive containing their Social Security numbers and other data-sent out for repair in direct violation of the AICPA's internal control procedures-was lost in transit by FedEx.
That faux pas was particularly galling since this year's rendition of the AICPA's Top Ten Technology list ranked information security as the No. 1 technology issue.
"From the standpoint that every AICPA member was affected, if that doesn't serve as a wake-up call for CPAs, I don't know what will," says Susan Bradley, a recognized IT security expert who is a CPA and partner at Fresno, Calif.-based Tamiyasu, Smith, Horn and Braun Accountancy Corp., where she is the network administrator.”
The article gives some suggestions to improve security:
"Most firms think they have a good firewall, so they think they're not at risk," he says. "But many are using consumer-grade firewalls that are not updated or not strong enough to protect their networks."
Higher levels of protection are available from companies like Sunnyvale, Calif.-based SonicWall and WatchGuard Technologies of Seattle, Johnston and others say.
SonicWall's "unified threat management" technology features solid-state firewalls and VPN appliances that incorporate anti-virus, anti-spyware, and network-intrusion prevention features for both wired and wireless networks. It also provides constant monitoring of firewall performance, Johnston says. Similar features are available through WatchGuard's firewalls.
IT managers also need to ensure proper installation of firewalls, and that all crucial network ports are properly protected.
"Many times firms pay extra fees for a firewall installer, and [do] not realize that firewalls weren't installed correctly," Johnston says. "Installers will leave ports open, making a network vulnerable to attack-for example, file transfer port 21, Internet browser port 80, or mail port 25. They all need firewalls."
The growing popularity of wireless networks, along with the growth of Microsoft's Mobile 5 wireless devices, is coinciding with more options for securing wireless operations. For one thing, users should make sure they're using the security pack that is available with Mobile 5 devices, experts say.
Accounting firm Abalos & Associates in Phoenix uses the Sentinel S3 USB key from Mesa, Ariz.-based Sweet Spot to control access to laptops and other mobile computing devices, says Cheryl Folkerth, a CPA and technology manager at Abalos.
The S3 key, which a user must insert into a computing device to access the firm's wireless network, incorporates two-factor authentication that involves 128-bit encryption along with a user-defined PIN. It also integrates a secure virtual private network, or VPN, tunnel to encrypt critical data being transferred between client and host computers.
"No one has been able to get onto the wireless network without the USB key," Folkerth says.
SonicWall also provides a SonicPoints system of securing multiple access points throughout a wireless network, which Johnston says he has used successfully. A SonicPoints system can be configured, managed, and updated through a centrally managed SonicWall security application.
Another tool for protecting laptops is Palo Alto, Calif.-based PGP Corp.'s PGP Desktop, which encrypts an entire hard drive. "If the laptop is stolen, it has no data value," Johnston says.
But technology applications alone aren't sufficient to protect wireless networks, experts say. At Tamiyasu, Smith, IT security chief Bradley enforces a multi-part policy that dictates how employees can access the firm's network. Employees working remotely must not use a public kiosk or any other computing device other than their own anti-virus-software-loaded machine.
Her accounting firm also has remote employees access the Remote Web Workplace, a feature built within Microsoft's Small Business Server 2003, which ensures that sensitive data can't be downloaded to computers outside the office. "They can view but not download the data," she says.
While e-mail has done wonders for improving the service that accounting firms can offer their clients, it also presents huge risks for stolen data when e-mailed client communications are not encrypted.
"Not encrypting e-mail is a glaring error among businesses," Johnston says. If a hacker knows a CPA firm's URL and corresponding IP address, he can figure out how to receive a copy of all e-mail traffic a firm sends its clients, he adds. "A firm's e-mail might reach the right client address," Johnston says, "but the firm won't know if it also reached another destination."
Technology such as AMPLock encryption from Madison, Wis.-based SmartSoftKey, can ensure that only intended recipients can receive and unlock e-mail messages and files, Johnston says. AMPLock integrates with Microsoft Outlook.”
180 View – This article includes the following point - “The realm of security technology is still like the Wild West to most people, with hucksterism and snake oil vying side by side with really well throughout security software and hardware-based tools” Huge investments are being made or will be made to improve security by organizations across the country. Hopefully, you’re not being sucked in by the hype, but investing in practical solutions that are justified based on the risks.
September 1, 2006 from webCPA – “If you think this article doesn't pertain to you, your firm, or your clients-either because your business is too small, too big, or because it's the perfect size for guarding against IT security threats-think again.
Security woes even hit computer security software company McAfee, which in February had to warn some 9,000 current and former employees that their names and Social Security numbers were on an unencrypted CD that was lost after being left on a plane by an employee of auditor, Deloitte & Touche.
That same month, Ernst & Young confessed to some of its clients that their Social Security numbers and other personal data were lost on a laptop stolen from a locked car belonging to one of the firm's employees.
And closer to home, in May the American Institute of CPAs had to tell its approximately 330,000 members that a hard drive containing their Social Security numbers and other data-sent out for repair in direct violation of the AICPA's internal control procedures-was lost in transit by FedEx.
That faux pas was particularly galling since this year's rendition of the AICPA's Top Ten Technology list ranked information security as the No. 1 technology issue.
"From the standpoint that every AICPA member was affected, if that doesn't serve as a wake-up call for CPAs, I don't know what will," says Susan Bradley, a recognized IT security expert who is a CPA and partner at Fresno, Calif.-based Tamiyasu, Smith, Horn and Braun Accountancy Corp., where she is the network administrator.”
The article gives some suggestions to improve security:
"Most firms think they have a good firewall, so they think they're not at risk," he says. "But many are using consumer-grade firewalls that are not updated or not strong enough to protect their networks."
Higher levels of protection are available from companies like Sunnyvale, Calif.-based SonicWall and WatchGuard Technologies of Seattle, Johnston and others say.
SonicWall's "unified threat management" technology features solid-state firewalls and VPN appliances that incorporate anti-virus, anti-spyware, and network-intrusion prevention features for both wired and wireless networks. It also provides constant monitoring of firewall performance, Johnston says. Similar features are available through WatchGuard's firewalls.
IT managers also need to ensure proper installation of firewalls, and that all crucial network ports are properly protected.
"Many times firms pay extra fees for a firewall installer, and [do] not realize that firewalls weren't installed correctly," Johnston says. "Installers will leave ports open, making a network vulnerable to attack-for example, file transfer port 21, Internet browser port 80, or mail port 25. They all need firewalls."
The growing popularity of wireless networks, along with the growth of Microsoft's Mobile 5 wireless devices, is coinciding with more options for securing wireless operations. For one thing, users should make sure they're using the security pack that is available with Mobile 5 devices, experts say.
Accounting firm Abalos & Associates in Phoenix uses the Sentinel S3 USB key from Mesa, Ariz.-based Sweet Spot to control access to laptops and other mobile computing devices, says Cheryl Folkerth, a CPA and technology manager at Abalos.
The S3 key, which a user must insert into a computing device to access the firm's wireless network, incorporates two-factor authentication that involves 128-bit encryption along with a user-defined PIN. It also integrates a secure virtual private network, or VPN, tunnel to encrypt critical data being transferred between client and host computers.
"No one has been able to get onto the wireless network without the USB key," Folkerth says.
SonicWall also provides a SonicPoints system of securing multiple access points throughout a wireless network, which Johnston says he has used successfully. A SonicPoints system can be configured, managed, and updated through a centrally managed SonicWall security application.
Another tool for protecting laptops is Palo Alto, Calif.-based PGP Corp.'s PGP Desktop, which encrypts an entire hard drive. "If the laptop is stolen, it has no data value," Johnston says.
But technology applications alone aren't sufficient to protect wireless networks, experts say. At Tamiyasu, Smith, IT security chief Bradley enforces a multi-part policy that dictates how employees can access the firm's network. Employees working remotely must not use a public kiosk or any other computing device other than their own anti-virus-software-loaded machine.
Her accounting firm also has remote employees access the Remote Web Workplace, a feature built within Microsoft's Small Business Server 2003, which ensures that sensitive data can't be downloaded to computers outside the office. "They can view but not download the data," she says.
While e-mail has done wonders for improving the service that accounting firms can offer their clients, it also presents huge risks for stolen data when e-mailed client communications are not encrypted.
"Not encrypting e-mail is a glaring error among businesses," Johnston says. If a hacker knows a CPA firm's URL and corresponding IP address, he can figure out how to receive a copy of all e-mail traffic a firm sends its clients, he adds. "A firm's e-mail might reach the right client address," Johnston says, "but the firm won't know if it also reached another destination."
Technology such as AMPLock encryption from Madison, Wis.-based SmartSoftKey, can ensure that only intended recipients can receive and unlock e-mail messages and files, Johnston says. AMPLock integrates with Microsoft Outlook.”
180 View – This article includes the following point - “The realm of security technology is still like the Wild West to most people, with hucksterism and snake oil vying side by side with really well throughout security software and hardware-based tools” Huge investments are being made or will be made to improve security by organizations across the country. Hopefully, you’re not being sucked in by the hype, but investing in practical solutions that are justified based on the risks.
Labels: Security
posted by 180 Systems at 12:49 PM 
0 Comments:
Post a Comment
<< Home