Posts Tagged ‘Columbus Cybersecurity Series’

How To React To A Data Breach

Tuesday, August 2nd, 2016

Would you be able to effectively manage the fallout of a data breach? If you aren’t sure, keep reading.

It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study has found usefulness beyond just the government sphere.

Leaders of not-for-profit organizations and for-profit business owners would also find value in this resource, which outlines:

  • the events that resulted in the occurrence of the data breach,
  • the reaction of entity officials during and after the breach was detected, and
  • the short- and long-term outcomes that resulted from the breach.

While I strongly recommend that you read the entire case study, I provide a brief overview of the story below.

How would you respond to a data breach?

Library officials were notified of the occurrence of fraudulent activity impacting the entity’s checking account in March of 2013. According to the bank, the fraudulent activity appeared to be limited to three transactions, totaling $144,743. Fortunately, bank officials were proactive in their efforts to recall the transactions.

In an effort to avoid further fraudulent activity, library officials decided to disconnect the accounting workstations from the entity’s network and proceeded to contact their technology vendor, who advised the library to reformat both accounting workstations immediately. Soon thereafter, library officials contacted the local police station to report the incident, closed the entity’s existing bank accounts and opened new ones, and notified employees and the board of directors of the data breach.

Due to the nature of the breach, it didn’t take long before the Ohio Auditor of State’s office and the FBI were notified of the incident as well. And, in an effort to try and reclaim some of the money that was stolen, a claim was filed with the entity’s insurance carrier. Finally, the library’s bank was able to successfully recover $54,910 of the amount that was stolen. In 2014, when the case study was released, the library was still in the process of negotiating with the bank regarding $89,833 that was still missing.

So, what do you think? Would you say that the library officials were effective in their management of the data breach? What would you do if your company or nonprofit found itself in a similar situation?

Well, according to the FBI, the library could have handled the situation better. For example, the library should not have reformatted the workstations. The FBI and local police force should have been contacted immediately. And finally, the entity should have followed all instructions mandated by the bank to eliminate the possibility of such fraudulent activity.

Since its 2013 data breach, the library:

  • Is now required by the bank to follow the ACH Originator Agreement.
  • Has designated one stand-alone PC to be used for online banking.
  • Has requested online access from only one IP address.
  • Has purchased a cybercrime policy.
  • Has revisited its banking RFP to include a section regarding online banking security minimums.

Do you have a plan to help deter cybercrime?

The above scenario is just one of the countless cybercrimes that occur every day, and every type of business, entity and organization is being impacted. If you don’t have a plan in place to help prevent cybercriminals from infiltrating your network and stealing your data for financial gain, or a strategy to recover once a breach has been identified, you are in a very vulnerable position.

I believe that in order to protect against a cybercrime attack, it’s important to be armed with as much knowledge as possible. On Sept. 7, 2016, FBI Agent David Fine will be the featured presenter of part two of the Columbus Cybersecurity Series. During this portion of the presentation, attendees will hear real-life examples of attacks on businesses, including what schemes are prevalent today. Audience members will also discover the very real impact these attacks have on companies and what they can do to deter an attack from occurring in their own business or organization.

The Columbus Cybersecurity Series is free to attend, but registration is required. You can RSVP here.

By Joe Welker, CISA (New Philadelphia office)


Phishing Scam Is A Threat To Ohio Businesses

Monday, March 28th, 2016

The Ohio Department of Taxation (ODT) is echoing phishing scam alerts made by the IRS earlier this month in an effort to protect businesses and employees state-wide from identity theft and tax fraud.


According to ODT, payroll and human resources offices at companies nationwide – including some in Ohio – reportedly received emailed requests that appear to be sent from a high-ranking member of the company’s management team requesting confidential payroll data. While the emails appear to be legitimate, they are actually being sent by cybercriminals who are looking to fool employees into sending them detailed payroll and W-2 information. The imposters then use the information to file fraudulent tax returns.

“The scam has worked on more than 30 companies resulting in the theft of W-2 tax information for thousands of current and former employees,” ODT’s news release states. “The W-2 form contains an employee’s Social Security number, salary and other confidential data. This information enables thieves to create a realistic looking, but fraudulent tax return requesting a tax refund that is then filed with Ohio or other states, and the IRS.”

The frequency of tax fraud and identity theft continues to increase at an alarming rate. This tax season alone, the IRS reported an approximate 400 percent increase in phishing and malware incidents – a surge that was addressed back in February.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” said IRS Commissioner John Koskinen. “Everybody has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

You can take a proactive stance when it comes to protecting your company from these scams by encouraging your employees to pay close attention to emails that request sensitive information, such as the names of employees, Social Security numbers, dates of birth, addresses and/or salary information or copies of employees’ W-2 information. You can also let them know that they should never send sensitive information until a conversation takes place, either in person or over the phone, with the member of management seeking the information. You can also check out the information provided here for general insight from ODT that could be used to help your employees identify phishing attempts and email scams.

If your Ohio business has been the victim of or experienced this or any other type of email phishing scheme, contact ODT immediately at 800.282.1780 to protect against potential tax fraud and safeguard Ohio taxpayer dollars.

Those who are interested in learning more about the increasing threat of cybercrime should check out The Columbus Cybersecurity Series. Presentations are scheduled to take place throughout the year and will focus on ways to help business owners learn more about cyber threats. The first installment is scheduled for Wednesday, April 6. The event is free but registration is required to attend. Attendees will walk away with new insight into these attacks as well as tips and advice that will help them protect their businesses.

By Lisa Beamer, CPA (New Philadelphia office)
