As data theft and similar online security breaches grow in both frequency and sophistication, more CPA firms have vowed to make it security a priority for 2012 and beyond.

Technology consultants and researchers agree that some of the current and commonly seen security threats to firms stem from their increased use of mobile devices, particularly those on multiple platforms. Adding to that heightened risk is a reluctance by firms to upgrade from older, unsupported operating systems, a decision that places them at greater rise for data loss, viruses and malware.

As an example, recent findings from Web analytics concern StatCounter showed that Windows 7 had become the most popular PC operating system in the world. It now exceeds Windows XP in terms of market share. But experts say that doesn't necessarily signal a dramatic decline of Windows XP, a good news/bad news scenario since XP has traditionally been vulnerable to security breaches.

"People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favorite target," according to Sean Sullivan, security advisor at anti-virus and computer security software company F-Secure.

The growing number of employees using multiple mobile devices for work - often their personal Androids, iPads, iPhones and Blackberries - are placed at a greater security risk. Rick Mark, senior manager of the technology services division at Los Angeles-based CPA firm SingerLewak, explains that it has become increasingly difficult for IT departments to support multiple devices - especially those that are Android-based, as there are more of them and that platform is less secure. At his firm, strict policies and network access controls are in place to keep SingerLewak's mobile workforce secure.

"Once you give a device to an employee, the assumption is the IT team will support [it] and that's not always the case," said Mark. "With the iPhone, it's one device. Blackberry is easy to know and support. But Androids have 30 models from 10 manufacturers and are not configured the same. Hands down, policy trumps all when it comes to IT security. Controlling what users can and can't see is the most important piece of IT security, and network access controls help implement the technology behind the policies."

Mark noted that SingerLewak now has a policy in place not to allow work use of any Android device, and is only accepting the use of iPhone and Blackberry devices.

THE BEST POLICY IS TO HAVE ONE

David Barton, principal and practice leader of the technology assurance and advisory services group at UHY Advisors, stressed that while there is no tool to keep a firm 100 percent safe from security threats, clear enforcement of policies on the use of all technology and platforms "goes a long way" in the prevention of security breaches and data loss.

Specifically, Barton advised firms of all sizes to have policies in place around the use of mobile and wireless devices or anything that will leave the office containing sensitive data; social media; and updated knowledge of malware and viruses.

• 1
• |
• 2
• |
• 3
• |
• next