Cybersecurity: Tools & Strategies to Protect Yourself and Your Family

October is cybersecurity awareness month in the United States. Breaches continue to affect various aspects of our increasingly connected world: from fortune 500 companies to large municipalities and public utilities.

AAFCPAs urges clients to remain vigilant and to consider the following tools and strategies to protect yourself and your family:

Access Your Credit Report

The Federal Trade Commission received more than 2.1 million fraud reports from consumers in 2020, according to newly released data, with imposter scams remaining the most common type of fraud reported to the agency.

AAFCPAs advises clients to request your Credit Report annually, which is accessible free of charge every 12 months. To access your credit report, visit www.AnnualCreditReport.com or call 877.322.8228. Using this service is safe, free, and allows access to the three major credit agencies: TransUnion, Equifax, & Experian.

Review your report closely and ensure that the information is correct and up to date.

Consider Credit Freezes

As a Taxpayer, you are empowered to freeze your credit, or that of your minor children, as a measure to stop others from accessing your personal information and opening a credit line. Once you freeze your credit you will receive a personal letter in the mail from each agency, which will include a personal identification number (PIN) used to remove the freeze. The next time you originate a new credit line you can give the vendor access or remove the freeze temporarily or permanently. Links to freeze your credit are as follows:

Use Multi / 2-Factor Authorization

With Multi Factor Authorization, an extra layer of security is added to your account(s) to prevent someone from logging in, even if they have your password. This extra security measure requires you to verify your identity using a randomized code sent to you each time you attempt to log in.

You can choose to receive your security code through one of two ways: by text or voice call to your mobile phone (or an alternate phone number).

Secure Mobile Payment Services

From Apple Pay to Venmo and Paypal, transferring money has never been more convenient. Many clients are simply texting or tapping to pay the babysitter, the landscaper, the housekeeper, or splitting the dinner tab with friends.

But how can we ensure these applications are safe and secure?

  • Ensure passwords are complex and changed frequently.
  • If available, take advantage of 2-factor authentication.
  • Consider setting up a separate bank account to be linked to your mobile payment services. Leave just enough money in the account to make it useful and never allow balances to build up within these services.

Connected Home/Internet of Things

Internet of Things (IoT) innovations such as smart speakers, smart mirrors, video doorbells, robot vacuum cleaners, and wireless kitchen appliances offer convenience and connectedness. But do they offer security?

AAFCPAs’ IT Security Professionals advise clients to take an inventory of the smart devices in your home regularly and to consider risk mitigation measures to enhance security:

  • Ensure Smart Device passwords are as secure as banking passwords and diversify your passwords, i.e. don’t use the same, simple password for all devices in your home. Unwanted access through an IoT device can enable bad actors to penetrate your network further to access more valuable personal information.
  • More people rely on voice activated devices such as Amazon Alexa, Echo-Dot, and Google Home for quick internet searches, to play music, turn on lights or control temperature, and monitor security in their homes. How often have you been discussing something when days later you see ads for that very same thing pop up on your social media page? Smart Speakers like Amazon Alexa allow you to go in and delete voice history.
  • With many WIFI systems, you can review what devices are connected or recently connected. Clients are encouraged to review these systems periodically to ensure you know who is using your WIFI.
  • Ensure your wireless router uses a WPA3 or WPA2 enterprise encryption method if possible and strong passwords for each access point. Always change the default admin passwords provided by the manufacturer.
  • Use one WIFI entry point for family and smart devices and use another WIFI entry point for guests. Many WIFI systems have a guest access point and a main access point.

Social Media

For many users, Social Media offers an important way to stay connected with family and friends. However, it also introduces risks, including identity theft. Here are some best practices:

  • If you go away, consider that what you share while away (e.g. on vacation) may signal that your home is empty/available to target.
  • Explore the social network’s privacy settings and limit marketing material, who can see your updates, and who can access your public footprint.
  • Limit what you share. Social networks often collect, and even celebrate your personal information, such as your date of birth, your high school and college, your family, the town you grew up in. Every piece of information you put online may expand your risk for those interested in taking advantage of this data. Each data element is helping to build a more complete story for bad actors.
  • Be selective with incoming Connection Requests. Even if you recognize the person, remain vigilant as profiles are hacked all the time by imposters.
  • Beware of Phishing attempts, which are intentional attempts by imposters to get you to reveal sensitive information or to take action, such as sending money.
  • Lock your mobile devices and ensure they are only accessible with a strong password and/or biometrics. Your smart phone contains volumes of personal identifiable information. Security should remain paramount.

AAFCPAs reminds clients to be cyber smart. The best line of defense in protecting you and your family from risks is to remain vigilant and understand your vulnerabilities.

If you have questions, please contact Vassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.comJames Jumes at 774.512.4062, jjumes@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting.  James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.