Data breach incidents have dominated many recent news cycles, and they are only becoming more frequent and damaging. All companies and organizations come into contact with some sort of personally identifiable information (PII). This might be consumer information such as credit card numbers, employee information such as Social Security numbers, or both. Whatever the nature of the PII, odds are good that it is eagerly sought by cyber criminals for use in fraud and identity theft schemes. In addition, there has been a rise in cyber-espionage hacking, where state-sponsored intruders target soft security practices of U.S. companies in order to acquire trade secrets and other sensitive information.
Employees can be a particularly weak point in company security. Inadequately trained employees tend to use weak passwords that they share or leave exposed, to be fooled into clicking on links or attachments in phishing e-mails, to transport unencrypted, sensitive data on mobile devices that can easily be lost or stolen, or to log on to your system from the outside using unsecured Wi-Fi access. Some employees with access to sensitive data may actually become knowing data thieves, or work in cooperation with cyber criminals outside of your company.
Sadly, most security industry experts agree that data breaches are unavoidable, and that the question is not whether your company (or your client) will be a victim, but when, and how well you will react to minimize the damage. There are things you can do to reduce your risks through better training, better practices and a well-crafted data intrusion loss plan.
- Recent major data breaches
- Trends in the types of incidents and the industries targeted
- Employees as a soft spot in data security and how to minimize the risks
- Legal requirements for protection of information and responses to breaches
- The need for better training and practices in storing and maintaining data
- Cyber insurance
- The benefits and key elements of intrusion response planning
- Understand what personally identifiable information (PII) is and what obligations a company has with respect to consumer and employee PII
- Be able to describe common and emerging types of cyber security incidents and the industries targeted
- Know the data security risks associated with employees and the best strategies for minimizing the risks
- Be able to confidently structure and implement a data intrusion response plan
Who should take this course:
CPAs who advise business clients and CPAs working within corporate environments