CAMICO-CPA Professional and Employment Practices Liability Insurance
 

Five Common Data Security Mistakes
CAMICO Risk Management Report for CPAs


Data security is a broad topic, but there are particular items to consider when developing data security policies for your firm. The following five examples of security mistakes occur frequently but can be prevented with a few protective measures.

1) Losing a portable data-bearing device and not reporting the loss immediately when client personal identity information is on the device. A recent study by the Ponemon Institute found that 39 percent of employees across a variety of professions had lost or "misplaced" a data-bearing device such as a USB drive, smart phone, or laptop computer. The more unfortunate part is that 74 percent of those employees did not report the loss immediately. They might be embarrassed or think they just misplaced the device and will find it soon, but firms should get their leadership and all other employees on board with a policy that calls for them to report losses immediately. The firm will want to begin the recovery process sooner rather than later, and some state laws require that clients be notified immediately following the detection of a client data breach.

2) Sending unencrypted email attachments of confidential data. The Ponemon study showed that 38 percent of employees send confidential data by unencrypted email attachments, and 48 percent of those are not sure whether that practice violates company policy. The Internal Revenue Service now requires encryption of email attachments with a WinZip utility. About 46 states have data breach laws that require notices to be sent to all affected persons if confidential data is not encrypted and then compromised. It's important for the firm to develop a policy that requires encryption of all confidential files and attachments. Encryption of hard drives and individual data elements such as Social Security numbers is also excellent protection.

3) Copying confidential data onto a portable drive (USB). The vast majority (87 percent) of employees knew about their company policy against doing this, but most of them did it anyway. CPA firms often have to do it, because they have remote employees, or employees who need to work outside of the office. My recommendation is to stick the drive into a computer on a regular basis, clean off the materials, and move them back into engagement files or wherever they belong. That will contain a potential loss to whatever is on the drive at the time it is being used.

4) Downloading personal software onto a company computer. The danger of downloading personal software is that it often contains viruses or worms that can allow hackers to get into your computer. Never download free movies, music and other software unless the vendor and product are reputable (e.g., Adobe Acrobat). Most sites are not well maintained and are breeding grounds for computer viruses and spyware. Limit your Internet usage to legitimate websites only. Many illegitimate websites, foreign and domestic, exploit software weaknesses to install spyware on your computer. Playing online games on your work computer is also risky - many viruses are downloaded unknowingly that way.

5) Sharing passwords with co-workers. Most firms have policies forbidding the sharing of passwords, but almost 50 percent of employees do it anyway. They trust their "best friend" co-workers too much. Some co-workers become problems, and the person who shared the password can then be blamed for the problems as well. Also, changing passwords often is important. Automated systems that require password changes at least every 90 days help in this regard. Changing passwords frequently will help minimize the damage done by problem employees who have someone else's password. Also, remember to use strong or complex passwords - a combination of both lowercase and capital letters, numbers and special characters such as @, & or #.

Having robust and updated data security systems in place is always a good idea. Many software companies issue software security updates to help ensure that your software is secure from most common threats that are identified, and most updates are applied automatically online. If your software does not have an automatic update feature, develop a business practice to check for the latest updates. Also, provide training on data security risks, policies and best practices for all firm members on a regular basis.

---------------------------------------------------------------------------------------------------------------------------------------------------

FREE REPORT - Enjoying the Benefits of Social Media While Avoiding the Detriments 

There are plenty of opportunities for CPAs participating in social media, but the risks need to be managed carefully to make the opportunities worthwhile. This report highlights the importance of having a social media policy for your firm, to address acceptable and unacceptable communications, and to help avoid the many pitfalls of social media.


 



---------------------------------------------------------------------------------------------------------------------------------------------------

ABOUT CAMICO

CAMICO Mutual Insurance Company was founded by CPAs in 1986, introducing a new way of approaching accountants’ professional liability insurance that focuses on helping firms reduce their risk exposure. In addition to comprehensive policy coverage, policyholders have access to a wide range of practice and risk management knowledge and tools, created by CPAs for CPAs.

Twenty-five years later, CAMICO continues to be the leader in innovation in practice and risk management issues facing CPAs and in providing CPAs nationwide with new insurance options. Through its wholly owned subsidiary CAMICO Insurance Services (CIS), CAMICO offers an ‘A’ rated CPA insurance program that is administered by CIS.

Endorsed by state CPA societies and associations, CAMICO serves more than 7,800 accounting firms in 45 states and the District of Columbia. To learn more, visit www.camico.com.


 

 


 

       Copyright 2014 CAMICO Mutual Insurance Company. All rights reserved.  
       Coverage for the CAMICO program is provided by (i) CAMICO Mutual Insurance Company;
       (ii) Liberty Insurance Underwriters Inc., administered by CAMICO Insurance Services. 
      1800 Gateway Drive, Suite 300, San Mateo, CA 94404. Toll free 1.800.652.1772
  