Leaderboard

Excerpted from a long article in the CPA Journal : https://www.cpajournal.com/2018/12/06/icymi-the-equifax-data-breach/ Why Is This Breach Different? "Over the past decade, over 3 billion people’s personal information has been hacked from email providers like Yahoo or retailers like Target. The Equifax breach, however, is the first in which the “big four” personal security identifiers—name, address, birth date and Social Security number—were stolen from so many at once. These are the security authentication foundations for many commercial and other purposes (Robert Lemos, “Identity Verification Becomes Trickier in Wake of Equifax Breach,” eWeek, Sept. 11, 2017, http://bit.ly/2yMVLOu). Possession of these identifiers may increase two forms of identity theft: new account fraud and account takeover. In new account fraud, a criminal uses the identifiers and possibly other information to open new credit accounts in a person’s name; the target does not find out until his credit rating is wrecked after the bills go unpaid. The aggravation, costs, and time spent on the resulting credit repair can be significant. In account takeover, the criminal uses the four identifiers to impersonate someone for various purposes, including creating fraudulent transactions. To CPA firms, one of the more familiar frauds of this type is the filing of phony income tax returns to steal tax refunds. In some cases, local CPA firm computers have been breached, enabling thieves to successfully perpetrate this type of fraud. Recently, account takeover has been used to steal cell phone numbers, which can compromise multifactor authentication (MFA), an important cybersecurity best practice (Nathaniel Popper, “Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency,” New York Times, Aug. 21, 2017, http://nyti.ms/2jws7dq). MFA requires providing authenticating information in a manner different than the initial authentication; for example, some websites will, after the user has inputted her password, send a second verification code via text message that must also be inputted to log in. Another MFA method requires that the initiator make a call from a predetermined phone number; unfortunately, such a phone number can be imitated, and the security of the MFA rendered ineffective. Weak MFA approaches could lull CPAs into a false sense of security. Many accounting software programs rely on two-factor authentication for sign-in or to reset forgotten passwords, and an increasing number of these programs enable the electronic transfer of funds from bank and investment accounts. With this type of account takeover on the rise, it may be wise to revisit the use of cellphone text messages for MFA, as well as explore more secure approaches. In previous major breaches, the public attitude has generally been to accept the risk as the price of convenience. The Equifax breach, however, has taken public frustration over weak cyber-security to unprecedented levels (Ron Lieber, “Why the Equifax Breach Stings So Bad,” New York Times, Sept. 22, 2017, http://nyti.ms/2jvZvkT). The breach is beginning to instill general fear that the cybersecurity underpinning electronic commerce cannot be trusted." Recently, I talked to an Investment Adviser with Key Investment Services who was no longer allowed to email clients for any reason. Any emails sent to him had to go thru a security review process that significantly delayed his receipt of emails from clients. I have also read several articles where more than one highly regarded IT Security Expert said that he had stopped using email due to all the hacks and scams that are everywhere. Another article estimated that in a another year or two that in excess of 80 % of all emails worldwide will be generated by scammers & hackers. Be very careful out there, the world has changed. We will have to adjust.

Your guru must be older. We cloned all of our hard drives to SSDs with no problems. Well, a lot of programs like QuickBooks detected the hardware change and ask us to re-register, but that wasn't so bad. It used to be that windows got 'arthritis' and it was often better to start fresh and reinstall, but that hasn't been a problem for awhile.