Account Cyber Security Checklist Details

1. Antivirus

Check that you have antivirus. 

In Windows > Search “Antivirus” > Click Virus & Threat Protection. The follow page will give you information on your antivirus and confirm that it is turned on. 

 

Make sure it isn’t expired. Make sure it is from a reputable company. Make sure it is on. Make sure it scans automatically.

2. Firewall
In Windows > Search "Firewall" > Click Firewall & network protection. The follow page will give you information on your firewall is on in the domain, private, and public networks. If these are turned off, you may have a physical firewall present in different locations. This question may be geared toward an IT person who handles these things as there are many ways the Windows Firewall can be turned off, but the physical firewall is handling the load. In a normal scenario, if you don't know - then you don't. 

3. Cloud Backup

Cloud Backup is different than Cloud Storage. Many people think Dropbox, Google Drive, Sharepoint, etc are cloud backups, when they are really storage locations. Imagine that every file in Dropbox got encrypted or deleted or an ex employee emptied old data you didn’t notice until it was too late. Where do you turn for BACKUPS? Popular cloud backup services include LiveDrive, Carbonite, iDrive, Backblaze, Acronis, SpiderOak One, Zoolz. 

Be sure to know whether these are file backups, or full image backups.

File backups, as the name implies would restore the files on your computer, but not the software itself. These would be PDF’s, 1040’s, 1120’s, Excel sheets, and things of that nature. This type of backup is limited in that if you had Quickbooks Desktop, Tax Act, Drake, etc installed locally on your computer, you wouldn’t be able to restore with a file backup. The advantages are they are faster and usually contain what an accountant is looking for when doing a recovery. 

Image backups are essentially a snapshot of exactly what the computer looked like at the time of backup. These not only include individual files, but operating system files, and programs as well. These restorations can take longer and use up more space, so they tend to cost more to maintain as well. When there is a specific line of business software that is manually installed on a computer or server, these are good options.

4. On Site Backup

On Site Backup comes in varying forms. A very simple form of on site back up would be moving files to a thumb drive. While this isn’t recommended and a manual process that often gets forgotten, it does count as “something.” However, if you end up needing to do a restoration from a thumb drive, then discover that you hadn’t done a backup in 4 months, you won’t feel that much relief missing the last few months. 

A little better version would be the external hard drive and setting up some sort of automated backup software. You will need to be sure that these backups are tested. In the same scenario as above, you don’t want to find out your backups have issues when you need them, you want to discover and remediate before the problem happens. This is where having someone who looks over these things for you is very important.

If your IT person (or if you are adventurous) set up a NAS, this would be an example of an on site backup. These are much faster when it comes to restoration as you are moving files via direct connection USB wire vs internet which can take a very long time to download and upload. The major disadvantage to on site backup is that if there is a fire and you lose your data, the backup will most likely also be lost in the same accident. 

This is why it is recommended to have both cloud and on site backups running so no matter the disaster that occurs, you have some form of recovery and don’t lose your business entirely.

5. Windows Patch Management

Type “updates” into the search bar and click Check for updates. The next screen will tell you the last time it was checked and if you have an organization who is responsible for it. If you do not see “Some settings are managed by your organization” then it is YOUR responsibility to keep these up to date.

Patch management is checking to see if your computer has all vulnerabilities plugged. Every 2nd Tuesday of the month, Microsoft releases big patches that should be applied as soon as possible. These patches can interfere with local software, so it is always important to test updates before doing a large deployment. Imagine if your firm had 50 employees, all using QB Desktop, and Microsoft releases a patch that causes QB Desktop to crash. All employees are scrambling to get any work done, and the only remedy is a long system restore.

The same is true with not applying the patches at all. In this scenario, there is a Windows vulnerability that has been detected and fixed, but your computer hasn’t applied the fix yet. Hackers gain access to the computer, and steal your clients’ information while everything looks fine on the surface. Then dealing with a data breach is a whole other can of worms.

6. 3rd Party Patch Management

7. 2 Factor Authentication (2FA) or (MFA)

8. Drive Encryption

9. VPN

10. Written Data Security Plan

11. Complex Unique Passwords

12. Non-Identifying Wifi

13. Monitor EFIN / PTIN for Abuse?

14. Anti Phishing Toolbar

15. Avoid Accessing Email On Public Wifi

16. Portal For Clients To Upload Secure Documents

17. No Default Passwords

18. Auto Logoff Screensaver

19. Security Awareness Training

20. Spam Filtering

21. Remote Access Turned Off

2. Firewall
In Windows > Search "Firewall" > Click Firewall & network protection. The follow page will give you information on your firewall is on in the domain, private, and public networks. If these are turned off, you may have a physical firewall present in different locations. This question may be geared toward an IT person who handles these things as there are many ways the Windows Firewall can be turned off, but the physical firewall is handling the load. In a normal scenario, if you don't know - then you don't.