The user usually has no idea his or her computer has

Info icon This preview shows pages 4–6. Sign up to view the full content.

The user usually has no idea his or her computer has been infected, and the malware can stay dormant for months before it is used to steal data, including passwords, or to take over systems. Another scary fact is that the bad guys no longer need technical expertise to write the malware. That’s because virtually anyone can purchase malware online; all that is needed is malicious intent and a few hundred dollars. Vulnerabilities Misfortune Cookie, Poodle, Shellshock, Heartbleed, Freak, Venom, Logjam. This isn’t the band lineup for the latest Lollapalooza rock concert. These are the names used to identify recent computer vulnerabilities that millions of computer users are exposed to. A vulnerability is a flaw or weakness in a system Each organization should have appropriate business continuity and disaster recovery plans that include specific incident-response procedures. that hackers can exploit. In today’s world, software is written and released much more quickly than ever before, so the risk of security holes is naturally greater. The vendor must provide an update or patch to close the hole, and then systems must be updated. For many years, most vulnerabilities were found in operating systems (Windows XP, Windows 7, etc.), but individuals became accustomed to setting systems for periodic updates, somewhat diminish- ing the number of weak systems. So the criminals took a new approach and began to look for vulner- abilities in applications including Adobe Flash and Java, a common application module. Many individuals and organizations never update these applications because they are unaware of the risk. The vulnerabilities discovered each day are astounding. These are known as zero-day vulnera- bilities because a remedy is not available at the time of discovery. Organizations must keep everything— servers, workstations, laptops, routers, switches, firewalls, and even mobile devices—updated all of the time. This is a daunting task. A 5-PRONG CYBERSECURITY BATTLE PLAN Cyberrisks are so great these days that manage- ment must get involved to ensure that appropriate mitigation strategies are in place. W hat can CPAs and other business leaders do? The following five steps are a good start. Accept that your organization is at risk This cannot be emphasized enough. CEOs, CFOs, boards of directors, managing partners, and other organizational leaders need to see cybersecurity as the huge issue it is and devote adequate resources journalofaccountancy.com April 2016 i 61
Image of page 4

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

TECHNOLOGY Improving cybersecurity starts with accepting that your organization is not immune and educating yourself on the biggest threats. About the author LisaTraina ([email protected] trainacpa.com) is the founder and owner ofTraina & Associates, which provides information systems and IT security audit and consulting services to business clients.
Image of page 5
Image of page 6
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern