September 2018 Meeting Notes - Cyber Security-
/September 6th Meeting Notes Bulleted
By Melissa Barton
Cyber Security
September 6, 2018
President Kim Boaz opened the meeting with introductions. She asked what the participants want to get from the group. The primary responses were: support, networking opportunities, education, referrals and to learn a variety of ways to do things.
The topic was led by Kristy Cook, JD MPA.
Ms. Cook gave an overview of Cyber Security and ways we can all work on making our businesses more secure.
In this day and age of electronics, there is a good probability that our systems will be breeched sometime and we need to follow the best practices based on our needs and means to the best of our ability.
There are many steps that should be taken to help assure our systems are protected.
· Take inventory of all assets that are storing information; both hardware and software. Know where all the data is being stored, don’t forget paper storage.
· Follow the 3-2-1 back-up system; have 3 backup copies off all sensitive data on 2 different types of media and at least 1 needs to be off-line and at a separate location.
· Only collect information necessary to do your job, keep it safe and secure and only hold on to it as long as needed.
· Limit access to all sensitive information. Restrict who has access, dispose of data security (wipe hard drive and destroy it)
· If you have an external hard drive make sure no one can easily take the hard drive.
· Limit remote access to your system, only use for business with secure devices and limit what others can do and how long they can be in your system
· Authenticate Users: require strong, complex passwords, Store passwords security, don’t write them down or put into a spreadsheet or notes on your computer. Guard against brute force attach by limiting how many times someone can try to access your computer before they are locked out
· Encrypt Data – Keep data secure through its lifecycle. Encrypt emails, Wi-Fi, remote access, make sure stored safely.
· Segmenting – Only connect computers and enable file sharing when necessary
· When working with vendors require them to have security systems in place. For larger companies, include the right to audit their security protocols, have them list you as an additional insured on their cyber insurance, know where their cloud storage system is located.
· Use industry standard methods for security
· Monitor and Defend – Filter emails for spam and malware, use software programs to help detect issues and back up data
· Train all employees on security protocols
· Consider having cyber insurance
· Have a disaster recovery plan
· Include in engagement letter that their security is important and remind them not to send data via email or other un-encrypted method If they do, delete the email as soon as you can. Dropbox is a secure method of delivering data.
It was a good topic, reminding all of us need to be aware of the hazards out there and taking steps to protect ourselves, our business and our client’s data from cyber issues.
· Oct 4th meeting will be an open discussion on workflow. Come with questions/issues and ways of how you manage your business. Meeting will be at Meals on Wheels located at 7710 SW 1st Ave., Portland, OR 97219. 11:30-1:00 pm and it is a bring your own lunch style meeting.
· Meet our Members Event scheduled for Oct. 25th 4:30-6:30 at Meals on Wheels. This event is to invite CPAs, bookkeepers and accountants to learn about us.