By: Randy Johnston, Shareholder, K2 Enterprises
Blog Series: Avoiding Infection—Prevention & Recovery (Post 4 of 4)
1) Explain your procedures for recovery: Hopefully, you never have to recover, but if you do:
a) Outline your reporting and shutdown procedure
b) Have everyone stay off of their systems until given the all clear
c) Unplug infected machines from the network
d) Explain how you intend to estimate the recovery time
e) Explain what systems are likely to be made available first
2) Consider other topics related to security: You probably don’t get your team together frequently enough. Take this opportunity to discuss other important security related matters such as:
a) Review the firm’s acceptable use and other computer policies
b) Encryption
c) Protection of portable computers and removable media
d) Properly handling USB devices from home or clients
e) Password strength and changes
f) Social networking site safety
g) Security of smartphones and tablets
h) Instant Messengers—AOL, MSN, Google Chat, ICQ
i) Weather Bug—should not be used
j) Personal email access from Gmail, Yahoo, or Outlook.com
k) Transferring documents to and from clients via your portal or secure email
Training is the best prevention
The best training is customized for each firm. Your staff should know how it is being protected and what the limitations of that protection are. Human Resources and IT should work together to deliver ongoing, regular documented training. In between regular training sessions, IT should inform staff of known high risk threats via alerts, whether that is through email, intranets, or bulletin boards. There should also be training required during new employee on-boarding since the next regular training might be months away, and the new employee might put the entire training program at risk unless they are educated. If you are from a smaller organization, your IT provider should be able to provide guidance. Otherwise, the ideas above can serve as a starting point for building your own security training agenda. Remember to hold an annual or semi-annual training session with your team to minimize risk of virus infection.
Mr. Johnston is a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial, and other business professionals across North America. You may contact him at [email protected].
Randolph P. (Randy) Johnston, MCS has been a top rated speaker in the technology industry for over 30 years. He was inducted into the Accounting Hall of Fame in 2011. He was selected as a Top 25 Thought Leader in Accounting from 2011-2014. His influence throughout the accounting industry is highlighted once again this year by being a recipient of the 2013 Accounting Today Top 100 Most Influential People in Accounting award for the tenth consecutive year. Among his many other awards he holds the honor of being one of nine technology stars in the U.S. by Accounting Technology Magazine. Randy writes a monthly column for The CPA Practice Advisor, articles for the Journal of Accountancy, and creates articles for both accounting and technology publications, as well as being the author of numerous books. He has started and owns multiple businesses including K2 Enterprises in Hammond, Louisiana and Network Management Group, Inc. in Hutchinson, Kansas. In 2010, NMGI announced their national support of CPA firms. His wife and four children enjoy many experiences together including theatre, music, travel, golf, skiing, snorkeling and model trains. His experience as a college instructor, management and technology consultant, and advisor to the industry will be obvious to you in today’s presentation.
Randy can be reached at [email protected], [email protected], 620-664-6000 x 112, via www.randyjohnston.com, www.technologybestpractices.com, www.nmgi.com, or www.k2e.com.