The Veronica Edwards Show

CPA Chat: Fortifying Your Small Business Against Cyber Threats

February 07, 2024 Veronica Edwards / Michelle Tracz

Unlock the secrets to safeguarding your small business's most valuable asset—its data—as I, Veronica Edwards, sit down with the astute CPA Michelle Tracz. Together, we dissect the perilous landscape of cyber threats that small businesses face, providing you with actionable insights to combat electronic data breaches head-on. From discussing the harrowing tale of a local business's bank account hack to imparting strategies on employee vigilance against cunning phishing scams, this episode is a must-have for those determined to shield their enterprise's sensitive information. We even wade into the nitty-gritty of implementing ironclad internal controls, ensuring your passwords are uncrackable and multi-factor authentication becomes your new best friend.

The conversation doesn't end there. Dive into the lifeboat of data backups with personal accounts of how they can be your saving grace amidst digital disasters. Learn why limiting who can access what within your company isn't just bureaucracy—it's the bulwark against data disasters. I'll share insights from my days at Price Waterhouse Coopers, bringing old-school wisdom to the modern challenges of device management and encryption. And we wrap up with something to soothe those lingering anxieties: a primer on cyber security insurance, the umbrella policy for when the storm clouds of cyber threats gather. Tune in, and equip yourself with the knowledge to keep your small business data secure and your peace of mind intact.

https://www.michelletraczcpa.com/

This program is brought to you by:
Balanced Virtually

Be sure to visit BizRadio.US to discover hundreds more engaging conversations, local events and more.

Veronica:

Welcome to the Veronica Edwards Show, where we have fun financial conversations that everyone listening can apply to their personal and professional life. I'm your host, Veronica Edwards, and I'm so excited to be back here on BizRadio.US, season three. Always want to thank the V team for coming back every week. Especially now that it's the winter time, it's definitely, you know, a little gray. I was seeing on the news that December and January was the second what is months in history for our area, and it seems like all of the Eastern Seaboard has been the same way. So this always brings a little sunshine to my life having our monthly segment yes.

Veronica:

Michelle, with our fellow CPA, Miss Michelle Tracz, owner of Michelle Tracz CPA, CFE, PLLC. You know it's got to do a song for you. Welcome back.

Michelle :

I love that. Thank you so much. Yes, I'm so glad that we're, you know, in February and January and December can just be behind us.

Veronica:

Absolutely, and, you know, with this show airing in February.

Veronica:

You know, Michelle and I was just talking about finishing up W-2s, they have to be done for employees, and 1099s have to be completed for contractors, which I didn't realize this year they have to all be, you know, completed electronically.

Veronica:

So I might need to send a note to some of my clients that I'm coaching like, oh FYI, make sure that this actually gets in before the deadline which is approaching, because we're pre-recording this. But because of all of these things that we're sending electronically and all this confidential stuff that we usually send out especially early in the year, it really made me think about Michelle today for us to talk about data security, or some people like to say cyber security, because we do use, you know, cloud management with Google Drive and all this electronic sharing of confidential information. So I thought it would be good just to start off the year just giving some tips on data security for small business owners. Michelle, I would love, just before we get started, your insight on that. If you've been seeing over the years, with you being in business for yourself over 10 years, have you seen how this has become more and more of a concern?

Michelle :

Oh my gosh. Yes, I'm so glad we're going to talk about this. It's always been a concern, right, because we do everything with a computer and we use email, and that's been around since I don't know the dark ages.

Michelle :

But, when the pandemic hit and everybody moved to computers, electronic and the cloud, everything became hypersensitive to cyber attacks and we've seen, we hear about them on the news, the you know the really important big ones, of course, but the the the impact is going to have to small businesses just cannot be. You know, you can't talk about it enough. It just can't be said enough about how important this subject is in terms of small businesses and protecting yourself.

Veronica:

Absolutely, and I was just sharing with Michelle, before we started today, that I actually saw on the local news here in Asheville a local business owner was completely hacked and their business bank account was wiped clean and I would just hate for that to happen to anybody and thankfully the community is rallying behind the small business owner and made it on the news, but that's not always going to be the case for everybody. So I would love, Michelle, if you can get us started with our first tip that we're going to provide to small business owners today on data security.

Michelle :

Yeah, so you know we love our team, but we have to be cognizant of the fact that they're as much out in the open and exposed as the rest of us are, and yet they work for you as a small business owner and you're responsible for their actions. And they can also bring in a disease, right, they can bring in illness. They can bring in cyber attacks.

Michelle :

So, just like back in the day when we all used to work in offices, and we had, you know, offices next to one another and we'd meet each other in, you know, the coffee room and we could share our germs, right, and we accepted that risk. It's the same thing with electronic security. We are basically putting our team members out there just being exposed to germs, so to speak. So we want to make sure that we train our team members thoroughly. What to look for, what's going to be sort of the the. I got you right. There's all those phishing scams out there. There's so much out there. I mean I can't even begin to tell you the amount of emails that come in through our, you know, through our Outlook, you know through our cycles and you know it's just a matter of them trying to get us to respond, get information from us.

Michelle :

So it's really important to train your employees to know what they're looking for, make sure they know what not to do like.

Michelle :

Specifically, don't open up any emails or any attachments that they're not expecting or they don't know who is from. Also, we use our phones. It's really important to remember that when you look at the phone, you don't necessarily always see the full address of who is sending that email. So be super careful, go to the computer. Make sure you can click on the email address and see who it's from. It may not be actually from who it may appear to be from. So you just have to be super careful, making sure you train your employees watching for all that stuff and also remember to instill really good controls, forcing them to change passwords, use multi-factor authentication wherever and however you can it's going to be super helpful and making sure they use strong passwords that people can't guess and then attack your system. So training is just so key and it starts with just that, with making sure your employees understand what the good internal controls are and how to be on the lookout for those cyber attacks and those phishing scams.

Veronica:

Yeah, Michelle, you hit that right on the head, and I remember starting my career over 20 years ago and thinking to myself why do I have to have this password that's uppercase, lowercase, a character, this and that? And you're right, we would have to change our pass codes every felt like three months or so and I thought it was just ridiculous. And now, seeing how things have evolved, I'm like, absolutely, I think about even when we didn't even have passwords on our Wi-Fi.

Michelle :

Yeah, I mean it's so funny you say that because I remember too. I remember being in corporate America they're making my password again. I can't think of another one. Well, now we have really cool systems that can just give you a gibberish password and you don't even have to remember it or worry about coming up with a new one or whatever. But yeah, it's really important.

Veronica:

Absolutely, and, just like you said, it's as simple as just training employees, training yourself, just like we train our children and our loved ones to call 911. And I love the analogy that you said about being sick and spreading the germs, and this can happen too, with us being remote. So for the second tip that I wanted to go into, that kind of goes along those lines with sickness is deploying some type of antivirus software. So it's so important for spyware and the phishing scams and all that stuff that you can actually buy software that can protect your technology. And also it's important just to be proactive, not wait for something to happen.

Veronica:

So some that you guys might be familiar with is Norton Antivirus, Bitdefender, just to name a few, even if when I first started with my business, I just bought my computer from Best Buy and I said, hey, I'm going to go with Geek Squad, yeah, and I'm going to enroll and I think it was like Webroot and some of the basic things and it's all a business expense guys, these things that you have. So you don't necessarily have to employ a contractor that specializes in some of this data security. You can just utilize some resources that you already have and local chains. Like I mentioned with Geek Squad is very easy 1-800-NUMBER. They can help and protect you, but I definitely recommend deploying some type of antivirus software. Any thoughts on that, Michelle?

Michelle :

Oh my gosh, yeah, no, I can't agree more. It's super important. I mean we use that analogy of being sick, but it's, it works, right. We want to protect our computers and our businesses from this virus, from getting sick, from the infection that our employees may bring into us or that people may reach in through holes, through gaps in our systems, through gaps in our controls and infect us all. It's terrible. Antivirus is, it's a must-have.

Veronica:

And just like anything, when we talk about vaccines, things like that, you also have to get the latest updates and the latest patches. You can't just get an anti-virus software in 2024 and think it's going to continue to work the way it was for you currently in future years. So definitely stay on top of those things. All right, Michelle, what's the next tip that we can get to those listening to protect themselves?

Michelle :

So I think the next most important thing now that we've trained our employees, we have the proper anti-virus software in place is always be backing up your data.

Michelle :

Always make sure that you have backups, because what happens is, you know, as we always say, things happen. So once it does so, you do everything you can to prevent it, but then, when it does, you can at least get back to some sort of semblance of order, so to speak. Maybe you lost a day, or maybe you lost half a day because you have been consistently and properly backing up your data so that you don't have to go back to last week or last month or heaven forbid a year or more ago. Like it's just, it would be terrible. Think about if you lost your data. So, make sure you've got backups is super key. I think it's just so important to make sure that you know when you have ransomware attacks or things like that you don't have to worry about paying the ransom. Like fine, whatever, be gone with you, I've got my backup and so I just have to like redo a day's worth of work maybe.

Veronica:

And you know, I think people don't even realize that if they're already part of Google suite, you have Google Drive or some people are familiar with Dropbox. So anywhere that you can, you know, back things up to the cloud but say, by chance, something happens, even with the cloud. I have also an external hard drive where I'm also backing up everything on my computer to a removable drive that I'm putting somewhere, ideally in a fireproof safe or something like that. But definitely make sure you're backing up your files. I know we've all had those horror stories.

Veronica:

Thankfully I haven't personally, but I have worked with another CPA and it was a smash and grab. They were in a completely different, yes, state, in a very wealthy city in California and they were at a restaurant and not only was their laptop stolen but their wallet, passport, all these things while they were traveling, and immediately I went into panic mode like, oh my gosh, if that was me, I don't know the last time I backed something up. And that person, fortunately, was backing everything up to the cloud. So it was easy for that person to just say, oh, I just need a new computer. And they were able to have everything password protected and so even if someone tried to hack into it, it would have been very difficult. So even on your personal computer, I know sometimes it sounds silly to put a password, but you just never know what could happen in a split second when you leave some of your personal devices alone. That also has other people's confidential information on it.

Michelle :

Yeah, yeah for sure, I mean I think, I think that's smart. You know, just having that backup is just going to be so key, and so that's what. That's what I train my team to do as well. You know, the computer is just an electronic device that allows the interpretation and use of data for me to get a job done, but I always tell them never store anything on the hard computer itself. Everything gets stored to another file and then backed up to, like you said, a portable hard drive or to OneDrive or in the cloud or whatever. So always having that backup so that you know, like you said, when that terrible thing happens, when all of a sudden you're like, oh my God, where's my, where's my computer? Oh my God, where's where's my phone, like it's all gone, someone took it or you lost it or you dropped it or something happened, you don't have to worry about it, you just go and get another one and you're right back in business, exactly.

Veronica:

And I know this topic can sometimes feel like doom and gloom. It's almost like when we talk about having a will and a trust, like we never want to think about, you know, the inevitable, but I hate to say it, in the time that we're living in, the more and more that we're remote and we're virtual, unfortunately, you just have to make sure that you protect yourself. So, with that being said, I want to jump into the next topic, or next tip, which is limiting access to sensitive data. Now, this sounds super simple, Michelle, that oh yeah, of course you should limit access to sensitive data. But you'll be surprised how often we kind of just leave things physically hanging around and then also, just you know, we're sending things via email and we're not realizing like, hey, this has Social Security numbers, this has addresses, this has phone numbers, just enough information for people to be dangerous.

Veronica:

And especially with us working in accounting, sometimes, I don't know about you, Michelle, I take for granted sometimes that this information is so sensitive because I'm just used to dealing with it all the time. So I tell people all the time oh yeah, it's no big deal for me to be talking about, not that it's my money, a million dollars or hundreds of thousands of dollars, but I do want to be mindful of those routing numbers, those checking account numbers. So definitely small business owners that are listening, you know, just set out a plan that outlines to individuals what information is available to who you know. You never want to just give the whole company access to all the payroll files, you know. Again, there should be privileges for check signing, access to bank accounts, access to your financial management system like QuickBooks and Square and PayPal. So again, we want to be transparent with our team but at the same time we have to be smart and make sure that we're limiting that access. Any, any areas in this, Michelle, that you want to add from your experience as well?

Michelle :

You know, I love that you raised that point about limiting the access, because it's sort of hand in glove with the other topics or points that we were talking about as well. Because let's just say, for example, you've got someone at the front desk who is your receptionist, answering calls and getting the mail, and you know people are coming in and you don't realize that they have access to something that is super sensitive and they walk away from their computer to go to the back for some reason or whatever and somebody had ill intentions and gets into the computer there and now suddenly we're talking about a breach of data. That was unintentional and it's and it happens, and it happens that quickly and you. So it's really important to limit who has access to what and making sure you instill those proper internal controls so that you could make sure that that front desk person, knowing that they're going to leave their station periodically, doesn't have access to, like you said, bank accounts or sensitive data.

Michelle :

I mean, it's just, it's all part of training your team, making sure you've got good internal controls in place, making sure they know how to, when they leave their computer, to put the, the passcode up. In other words, you can lock your computer so that they you have to have a password to get back in, like little things like that. But it goes a long way to help prevent, you know, fraud or theft for sure.

Veronica:

Yeah, I remember when I worked for Price Waterhouse Coopers again about 20 years ago, and they had I don't know what it's called, but it was like these cool little like shades that you can put on your screen, so where I, when I was working, I could see my screen, but if people were walking behind me it looked like it was completely darkened and I thought that was the coolest thing and I can just pull it in and out and there's like little flaps on the side of the computer where I could kind of put that shade in.

Veronica:

And we also had when we could lock our computer and we had like a little combination that would be in the USB area to where we're auditing and we're at different client sites. If somebody just walked past our room, like you said, and wanted to physically steal something, we were able to lock down our computers. Which brings us to our last topic, Michelle, actually: guarding against physical theft, which again goes hand in hand with limiting access to sensitive data. But I think sometimes we forget about in this cyber world the physical aspect too.

Michelle :

Yeah, I mean and we sort of already talked a little bit about that, right, because we talked about how, you know, people can, you know, steal your computer from the coffee shop or your phone, or whatever.

Veronica:

You could lose it.

Michelle :

So it's all part and parcel of the same thing, just using these devices, these computers, the phones, the, the scanners, whatever you've got, your laptop, just making sure that it's just a device used to calculate and, to you know, do some things and some data management, so to speak, but not retaining the data or the access directly through that laptop. It should be all through the cloud. You should have all your passwords and everything protected. Your, your computer should be password protected. So if you have to get up to go grab another coffee, get up from your computer, for example, you're at the coffee shop, you should immediately password protect your computer so that if it is picked up in that split second and someone's walked out with it, that it doesn't have any data on it. Everything's been backed up, it's in the cloud, you have put the password on, so it's gonna take that person a little bit longer to get inside the computer. But again, it's just a device and so it's just. It's just super important to be thinking about these things.

Michelle :

The other thing I like to tell clients is, I know this sounds crazy, but back in the day we used to have make sure we had an inventory. So we have an inventory and you know exactly who has what computers. It's like making sure that you know who has what keys to your house or to your business, and so you want to make sure you will understand. Keep an inventory of all of the devices that everyone has, and then also making sure that you're training and teaching your team members that when they, because now we can access so much through our handheld computers, those things we call phones.

Michelle :

So making sure that those devices on you train your employees to know they also need to be protected. They need to have passwords on them. You they need, you need to train your staff and employees to understand that when there's data on your phone, you've downloaded it, you're working on something on your phone or something that you immediately delete it or remove it from your phone. So there's so many ways that we need to be training our employees making sure we're securing our data by backing it up, making sure that we're limiting who has access to what data so that we're not inadvertently exposing people or our sensitive data to nefarious, you know, schemes or scams, and then also making sure we keep a really good inventory of the physical property that we have and then training and teaching our employees how to be very mindful of that physical device, what's in it, where it is, where it's stored, and how we can keep it safe. Well, Michelle, you buttoned us up nice and tight.

Michelle :

It's already.

Veronica:

I feel secure physically and in the cyber world, but that you definitely hit that right on the head. Thank you so much, michelle, again, for coming on and just adding your perspective when it comes to data security, because it's very important and you know, the older I get, I feel like I sound like my mom in jet about you know, like all of these things. But they were right and it's for a reason and we want those that are listening to know like it's not too late to protect yourself, but please be proactive and don't wait for something like data breach for you to tighten up those policies and procedures.

Michelle :

So you know, there was one more thing I wanted to mention. Yes, you know I have cyber security insurance too, so you know you want to also be thinking about protecting yourself from the what-if by thinking about having insurance in place, and I just, you know, the volume of scam emails I get, it's ridiculous. So you can't overemphasize all the tips and things that we talked about today, putting those programs and processes in place and then thinking about protecting yourself on the what-if side. Get the proper cyber security insurance to help financially, you know, secure you and your clients or the people you're doing business with from anything that could go wrong. Perfect.

Veronica:

Thank you, Michelle, so much for taking time out of your busy day and I want to thank all the listeners for tuning into BizRadio.US for the Veronica Edwards show on Wednesday across all platforms and if you miss the live airing, you can listen to all prior shows at Veronica Edwardsbussproutcom.

Small Business Data Security Tips
Data Backup and Access Limitation
Data Security and Physical Theft