By: Randy Johnston, Shareholder, K2 Enterprises
Blog Series: Avoiding Infection—Understanding the Threat(Post 1 of 4)
Our K2 team of professionals takes great pride in teaching about the latest technology. We also try to be practical and realistic in our recommendations. Our team has some really spectacular people, including CPAs, and proficient technologists. During the past year, we have been warning that current virus attacks are more aggressive and invasive than any we have seen in the past. These attacks are frequently delivered via email, social media, such as Facebook, and embedded in PDF files. The anti-virus companies are having more issues keeping software ahead of the threats and the creators of viruses and malware are becoming smarter in their attacks. Even if your IT team or managed service provider is diligent in updating your firewalls and anti-virus (AV) signatures, your organization is still susceptible to attacks. So how do we minimize and mitigate this risk? And, why are we so concerned about attacks now when they’ve been around since the 80’s?
The first virus discovered was the Elk Cloner on the Apple II, in 1981, and the first PC virus, Brain, was reported in 1986. Some key things to know about viruses include:
- This year will bring new virus attacks with the discontinuance of security updates for Windows® XP® and Office® 2003.
- Aggressive viruses like Cryptolocker are charging ransoms for an unlock key after systems have been infected. CPA attendees at our webinars report these keys work and have been worth the amount charged.
- Viruses exploit weaknesses in operating system controls and human patterns of system use/misuse.
- Destructive viruses are more likely to be eradicated by anti-virus software.
- Key-logging viruses transfer information from your system(s) to the authors. This can include user IDs and passwords, bank account information, and other confidential data.
- Non-destructive viruses remain resident on your systems and slow your operations day after day.
- An innovative virus may have a larger initial window to propagate before it is discovered and the “average” anti-viral product is modified to detect or eradicate it.
Infected systems are normally unusable during the recovery period. Viruses make attempts to hide intelligently and re-infect the systems where they have made initial entry. It may take up to 72 hours to completely eradicate the viruses from your systems and to restore all of your files to usable states. What will you have your team do while its computers are not working? How do you teach staff to be careful in the first place?
Have end users attend regularly scheduled and ongoing prevention training. This training should be documented by human resources, so that there is a permanent record of training. This provides for accountability and liability protection. An employee should sign an acknowledgment that training has been received and understood. Such training should include customized, basic training for your firm, especially since firms have unique virus protection strategies. All team members of the firm should be required to attend—from the janitor to the CEO/Owners.
Randolph P. (Randy) Johnston, MCS has been a top rated speaker in the technology industry for over 30 years. He was inducted into the Accounting Hall of Fame in 2011. He was selected as a Top 25 Thought Leader in Accounting from 2011-2014. His influence throughout the accounting industry is highlighted once again this year by being a recipient of the 2013 Accounting Today Top 100 Most Influential People in Accounting award for the tenth consecutive year. Among his many other awards he holds the honor of being one of nine technology stars in the U.S. by Accounting Technology Magazine. Randy writes a monthly column for The CPA Practice Advisor, articles for the Journal of Accountancy, and creates articles for both accounting and technology publications, as well as being the author of numerous books. He has started and owns multiple businesses including K2 Enterprises in Hammond, Louisiana and Network Management Group, Inc. in Hutchinson, Kansas. In 2010, NMGI announced their national support of CPA firms. His wife and four children enjoy many experiences together including theatre, music, travel, golf, skiing, snorkeling and model trains. His experience as a college instructor, management and technology consultant, and advisor to the industry will be obvious to you in today’s presentation.
Randy can be reached at [email protected], [email protected], 620-664-6000 x 112, via www.randyjohnston.com, www.technologybestpractices.com, www.nmgi.com, or www.k2e.com.