Phishing emails are common nowadays. How aware are you of these threats? Do you know the magnitude of what these hackers can do? This episode of the podcast Strategy in the Virtual Controller dives into the story of Andrew Lassise, IT for tax professionals & bookkeepers at Rush Tech / Tech 4 Accountants.

Andrew provides insight into common cyber threats such as phishing attempts and ransomware. He also shares a story about a man whose life savings were taken away right in front of him due to his lack of security measures. Through this conversation, we learn the importance of being aware of what is being clicked on and enabling two-factor authentication on all accounts. We also gained advice on developing workflow systems for verifying invoices with vendors over the phone; implementing strong cybersecurity protocols, training, and audit trails; and being cautious when dealing with online files that may contain malicious software. Finally, we discuss the importance of verifying wiring instructions and other details before sending payments to suppliers, as well as developing a cybersecurity awareness policy for employees to review annually.

[00:00 - 16:07] How Cybersecurity Threats Evolve Today

• Andrew's background story of how he ended up working in the accountant vertical

• Bad actors scrape information from social media to send phishing emails

• Phishing emails often ask for help with filing taxes or offer a zip file with returns

• If opened, malware is installed, which encrypts data and demands payment for its return

[16:08 - 25:06] Protect Yourself from Malware and Ransomware

• Cybersecurity threats have evolved over the last few years, becoming more targeted and calculated

• Examples of cyberattacks include bypassing two-factor authentication and wiring out life savings

• For those with a company portal, questions should be asked regarding their security measures

• A layered approach should be taken for protection against malware and ransomware

[25:07 - 47:57] Cybersecurity Training: The Key to Avoiding Fraudulent Wire Instructions

• Always call to confirm the wire instructions

• Look out for changes in the volume of purchases, payment details, and sudden increases in payments

• Be aware of apps that require personal information and be cautious when engaging with things on social media

• Hackers don't always manually try to gain access but can use information from breaches or social media posts

[47:58 - 50:03] Closing Segment

• Connet with Andrew and book a complimentary IT audit for your accounting firm

• Andrew's closing advice: develop cybersecurity awareness policies and training

Tweetable Quotes

“The front line of defense on everything is your people. So in that specific example of somebody that's working in AP, I think it's going to come down to something workflow related to have some sort of check-in balance because there isn't a communication in that exact scenario.” - Andrew Lassise

“Getting that awareness, I think, is really the best first step. And it's also doesn't cost anything.” – Andrew Lassise

-----------------------------------------------------------------------------

Thank you for listening. Please like and share this episode with a friend!

Websites: https://moneypennyllc.com/

LinkedIn: https://www.linkedin.com/in/damiengreathead/

Twitter: @Damien_GH

LinkedIn: https://www.linkedin.com/in/penny-breslin-0228b81/

Twitter: @pennyb57