Dr. Robert K. Minniti, DBA, CPA, CFE, Cr.FA, CVA, CFF, MAFF, CGMA, PI
President, Minniti CPA, LLC
Cybersecurity Essentials for Tax Preparers
Dr. Robert K. Minniti
DBA – Doctor of Business Administration
CPA – Certified Public Accountant
CFE – Certified Fraud Examiner
CrFA – Certified Forensic Accountant
CFF – Certified in Financial Forensics
CVA – Certified Valuation Analyst
MAFF – Master Analyst in Financial Forensics
CGMA – Chartered Global Management Accountant
PI – Licensed Private Investigator
Objectives
Upon completing this class you will be able to:
Identify cybersecurity risks
Identify internal controls for cybersecurity
Securing Personal Information
Client Information
Employee Information
Vendor Information
New Laws
An Issue for Tax Professionals
IR-2018-245, DECEMBER 7, 2018
The IRS reminds all professional tax preparers that they are required by federal law to create and maintain a written data security plan. Sole practitioners are just as vulnerable to data theft as practitioners in large firms.
During the 2018 tax filing season, the IRS received five to seven reports per week from tax firms that have experienced a data theft.
Through Nov. 5, 2018, the IRS received 234 reports for the year. That’s a 29 percent increase from the 182 reports received during the same time in 2017. Generally, these are reports filed by firms, which means hundreds more tax practitioners and tens of thousands of clients are affected.
This increase represents a significant trend in tax-related identity theft, and it’s a sign that tax professionals must take stronger measures to safeguard their clients and their business.
https://www.irs.gov/newsroom/irs-security-summit-partners-warn-tax-professionals-of-high-risk-of-data-theft-attacks
IR-2018-245, DECEMBER 7, 2018
Thieves search for client data so they can create a fraudulent tax return that looks legitimate and might bypass IRS filters. They also impersonate tax professionals, using stolen Electronic Filing Identification Numbers (EFINS), Preparer Tax Identification Numbers (PTINs) and Centralized Authorization File (CAF) numbers.
The Gramm-Leach-Bliley Act of 1999 requires all financial institutions, which it also defines as professional tax preparers, to create and maintain information security plans. The Federal Trade Commission, not the IRS, administers this law and created a Safeguards Rule to administer it. Information about the FTC requirements can be found in IRS Publication 4557, Safeguarding Taxpayer Data.
https://www.irs.gov/newsroom/irs-security-summit-partners-warn-tax-professionals-of-high-risk-of-data-theft-attacks
IRS - INFORMATION SHARING AND ANALYSIS CENTER (ISAC)
https://www.irs.gov/pub/newsroom/IDTTRF%20ISAC%20April%202018%20Annual%20Report.pdf
The ISAC’s purpose is to:
• Facilitate information exchange for tax administration purposes related to identity theft tax refund fraud.
• Provide a forum for participants to discuss real-time responses to such fraud schemes.
• Promote the advancement of data analysis, capabilities, methodologies and strategies to detect, reduce, and prevent this type of fraud.
Polling Question #1
True or False
The IRS does not believe data breaches are a risk for tax professionals
Cybersecurity Terminology
Threat
An event with the potential to adversely affect an organization
Unauthorized access to systems or data
Destruction of systems or data
Disclosure of data
Modifications or changes to data
Denial of service (DoS)
Cybersecurity Terminology
Adversary
An individual or entity with the intent to harm an organization by conducting cyber attacks
Attacker
An individual or entity attempting to harm an organization by conducting cyber attacks
Cybersecurity Terminology
Authorization
Access privileges granted to users or applications
Authentication
Verifying the identity of a user, software application or device before granting access
Cybersecurity Terminology
Encryption
Converting data to another format that cannot be read or viewed until it is decrypted.
An average desktop computer is estimated to take around 6.4 quadrillion years to crack an RSA 2048 encryption key.
Cybersecurity Terminology
Hacker
An individual or entity trying to gain access to an IT system to steal or compromise data
Black Hat Hacker
White Hat Hacker
Gray Hat Hacker
Hackers
Hackers have different motivations for their actions
Hacktivists
Cyber Criminals
Insiders
Competitors
Nation States
Joyriders
Upset customers
Law Enforcement
Cybersecurity Terminology
Weakness
A vulnerability in the IT system
Software bugs
Hardware issues
Security issues
Cybersecurity Terminology
Exfiltration
The unauthorized theft or transfer of data
Exposure
The time period in which a vulnerability can be exploited
Polling Question #2
True or False
Exfiltration is the unauthorized theft or transfer of data
Backdoors
A backdoor is a route into a computer that circumvents the user authentication process and allows hackers open access to the system once it is installed.
Computer Virus
A computer virus is usually hidden in a computer program and performs functions such as copying or deleting data files. A computer virus creates copies of itself that it inserts in data files or other programs.
Trojan Horse
A Trojan horse is a malware program that is disguised as something else. Users assume it is a beneficial program when in fact it is not. Trojan horses are often used to insert spyware onto computers.
Computer Worms
A computer worm is a type of malware that transmits itself over networks and the internet to infect more computers with the malware.
Polling Question #3
True or False
A computer virus attacks software already on your computer
Internet of Things (IoT)
Devices with access to an IT system or to the internet.
Cameras
Microphones
Cars
Thermostats
Appliances
Copiers & office equipment
Cloud Computing
Using the internet to connect with remote servers to access software or data.
INTERNET STRUCTURE
www.cybertraining365.com
Cybersecurity Risks
Civil litigation
Fines
Damage to reputation
Loss of customers
Government settlement – long term audits
Business disruption
Ransom payments
Cybersecurity Risk Factors
Employees
Don’t understand the risks
Lack of cybersecurity training
Override internal controls
Inattention
Working remotely
Data & file sharing
Using personal devices
Cybersecurity Risk Factors
IT Systems
Complex IT systems
Older technology
Bring your own device (BYOD)
Lack of internal controls
Ineffective cybersecurity measures
Undertrained IT personnel
File sharing
Cloud computing
Phishing
Used to gain personal or business information, such as usernames, passwords, Social Security numbers, and credit card numbers.
Often accomplished by using fraudulent e-mail messages that appear to come from legitimate businesses or government agencies.
Phishing Example
IRS Vishing
Computer-generated voice:
Hello. This call is officially a final notice from the IRS, Internal Revenue Service. The reason of this call is to inform you that IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 202-492-8816. I repeat 202-492-8816. Thank you.
VISHING
Vishing is similar to phishing but it occurs over the phone rather than over the internet.
Criminals try to obtain information or try to load malware on the victim’s computer.
DISGUISING A VOICE
When criminals want to disguise their voices over the phone it is easy to do because there are numerous “Apps for that”
SMISHING
Smishing is similar to phishing and vishing but it is done using text messages rather than phone calls or email. Criminals try to obtain information or try to load malware on the victim’s computer.
SPOOFING A PHONE NUMBER
https://www.spoofcard.com/apps
SPOOFING EXAMPLE
https://www.knowbe4.com/
Polling Question #4
True or False
Criminals use phishing emails to obtain information or to load malware on a victim’s computer
Denial of Service Attacks
This cybercrime occurs when the criminals use botnets or networks of infected computers to bring down a website by overloading the server.
Oftentimes criminals follow up with an attempt to hack the system and put malware on the server while the victim is busy repairing the damage.
Malware
Malware is placed on computers or cell phones to hijack the computers, steal data, or encrypt the data for ransom.
Ransomware
Ransomware is placed on computers to encrypt your data until a ransom is paid for the decryption key
CryptoLocker is one example of ransomware.
CryptoWall 2.0 is one of the newer versions
The FBI estimates that ransomware is a $1 Billion a year fraud
http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/index.html?section=money_technology
RANSOMWARE
Scareware (Pop-ups)
PC Cyborg (1998)
TeslaCrypt (Gamers)
Locky (Email)
Wannacry (Windows flaw)
https://www.knowbe4.com/
CryptoLocker
Ransomware
RANSOMWARE ATTACKS EMAIL
https://www.knowbe4.com/
Cell Phone Spyware
Popular versions of spyware for cell phones
• HighsterMobile
• Spyera
• Spyrix
• FlexiSpy
• Mobile Spy
• MobiStealth
• mSpy
Cell Phone Spyware
Criminals use charging stations in public places to load malware onto mobile devices.
Always use an electric plug or USB condom when charging your mobile device
Other Spyware
Popular versions of other types of spyware
• Keylogger
• Win-Spy
• Spytech Spy Agent
• SpectorSoft
• 007 Spy Software
Polling Question #5
True or False
One type of ransomware encrypts data on your computer
Data Breaches
Stealing data from computer systems belonging to companies, governmental units, and even not-for-profit organizations.
Large amounts of information are stolen in a short amount of time.
Data Breaches in 2016
2017 Cost of Data Breach Study: Global Analysis, Benchmark research sponsored by IBM, Independently conducted by Ponemon Institute LLC
Sockpuppets
Computer Generated Photos
https://petapixel.com/2018/12/17/these-portraits-were-made-by-ai-none-of-these-people-exist/
Polling Question #6
True or False
Lack of adequate internal controls is one cybersecurity risk
Cybersecurity Risk Management
Managing IT assets
Employee awareness & training
Business continuation
Change management
IT configuration management
Data security
Disaster recovery plan
Incident response plans & teams
Cybersecurity Risk Management
Access control
Monitoring issues
Sending alerts
Managing media & data
Physical security
Environmental considerations
Hardware & software maintenance
Cybersecurity Risk Management
Vendor management
Employee training
Assessing new hardware & software
Mobile devices
Work-at-home employees
Customer access
Legal & regulatory requirements
Backing up data
Cybersecurity Frameworks
COSO Framework for Internal Control
COBIT
ISO 27001
NIST
CIS Critical Security Controls
HITRUST
COSO Framework for Internal Controls
The COSO Framework for Internal Controls has five components:
Control Environment
Control Activities
Risk Assessment
Information & Communication
Monitoring
2013, Committee of Sponsoring Organizations of the Treadway Commission (COSO)
COSO Requirements for IT
Select and Develop General Controls over Technology
Determines Dependency between the Use of Technology in Business Processes and Technology General Controls
Establishes Relevant Technology Infrastructure Control Activities
Establishes Relevant Security Management Process Control Activities
Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities
2013, Committee of Sponsoring Organizations of the Treadway Commission (COSO)
COBIT
Created and published by ISACA
Used in conjunction with the COSO Framework
Often adopted by public companies
A best-practices framework
Four main domains:
Plan & organize
Acquire & implement
Deliver & support
Monitor & evaluate
ISO 27001
Created and published by International Organization for Standardization (ISO)
Most well-known cybersecurity standard
Most commonly used outside the U.S.
Focuses on technology and assets
Concentrates on risk mitigation
NIST
Created and published by the National Institute of Standards and Technology (NIST)
Used for implementing the Federal Information Security Act of 2002 (FISMA)
Developed & used by government agencies and contractors
Sets minimum requirements for IT security
CIS Critical Security Controls
Recommended cybersecurity controls
Provides specific ways to stop attacks
Prioritizes actions with high payoff results
HITRUST
A risk & compliance framework
Mostly used in the US healthcare industry
Designed to protect personal health information (PHI)
Easily modified for flexibility of scale (size, type, etc.)
Easily updated as regulations change
Defines a set of internal controls
Polling Question #7
True or False
The HITRUST framework is predominately used in the US healthcare industry
Basic Internal Controls
Router & Switch
Firewall (Hardware & Software)
Virtual Private Network (VPN)
Encryption
Proxies
Network Intrusion Prevention System (NIPS)
Network Intrusion Detection System (NIDS)
Security Information and Event Management (SIEM)
Basic Internal Controls
Limit access with user IDs and passwords
Require complex passphrases
A minimum of 24 characters
Require password changes every 90 days
Reset the default local administrator password
Spam filters
SOC for Cybersecurity (Vendors & others with access)
Basic Internal Controls
Conduct a background check before hiring an employee who will have access to IT systems.
Conduct regular training for employees on how to protect company information.
Enroll in a backup or wiping program that backs up smartphones and lets you remotely erase the information on a lost or stolen phone.
Basic Internal Controls
Install a good anti-virus program on your computer and keep it up to date.
Encrypt your office wireless networks using WPA2.
Do not send company information over public Wi-Fi networks.
Basic Internal Controls
Do not reply to e-mails or click on links in e-mails from unknown sources.
Use a separate computer for bank and financial transactions
Monitor user activity on your IT system
Cyber Insurance
Basic Internal Controls
Have real-time monitoring of security events on your IT system
Update all software when vendor updates are made available
Use multi-factor authentication or biometrics
Conduct regular penetration & phishing tests
Polling Question #8
True or False
Internal controls over a company’s IT system and data are essential
Any Questions?