Cybersecurity & Compliance: Is Antivirus Enough?

0
117

A question that comes up a lot is, “I have antivirus on my computer. Isn’t that enough for whatever I (or anyone else) should need to protect my firm?”

Here’s an analogy that can help reframe the question (which perhaps we can relate to even more today!): “I have an immune system that fights off viruses and bacteria. Isn’t that enough so that I don’t get sick?”

The answer is no. It’s not enough.

It’s not enough because (among other reasons) computer systems, like the body, can’t protect against every type of threat on their own, and the threats ‘mutate’ all the time, faster than the antivirus programs can adapt.

Also, we know that the immune system can’t help if people don’t take care of their own body’s systems through proper diet, exercise, etc.

Malicious computer programs can use the computers’ systems against themselves, corrupting them and making them work against you. This is referred to in the industry as ‘living off the land’. Because these problems use the computer’s own systems, they are even harder to detect and sometimes steal information without being caught, by abusing specific programs. Think of it as blood pressure, cholesterol, blood sugar, etc. These perform vital functions that we need to live, but if the wrong things are allowed in the body, these life-giving functions can turn into dangerous threats.

Similarly, if staff isn’t careful about limiting the following: administrator access, where they go online, what emails they click on, what USBs they put in their computers, what online accounts require strong passwords, 2FA, etc., they are inviting slews of potential threats that can disable your firm, steal your client’s info, and more.

For these reasons, the IRS requires a written security plan based on a thorough risk assessment. As mentioned previously, they have now incorporated this requirement into the PTIN renewal process.

Like a doctor’s ‘checkup,’ it can help see the bigger picture of your firm’s security. Choosing a third-party provider who knows accounting businesses and their unique landscape (like Securex) is vital to help keep your firm be safe and healthy.