I attended another online security program last week at the New Jersey CPA convention. This remains a topic of major concern for all types of technology users. My focus is on practical solutions for small business user issues. Yesterday an alarming show on National Public Radio reinforced the conclusion that these online security problems will get worse for us before they get better. This should prompt us to re-examine our own security protocols.
What if we assume that all of our online data security has already been breached and all of our online data is already available to potential hackers? The simple question that remains is what can we do as technology users to ensure our own security in an environment of ongoing online security breaches?
The combination of secure password management plus second factor authentication remains the best available solution.
I asked a question at the NJCPA seminar about the current thinking on random password generators and password management systems like LastPass. This approach remains the #1 way to ensure the use of unique randomly generated long passwords for each online service that we use. This is the best way to ensure primary access (username and passwords). Its effectiveness, however, is based on our ability to keep a single master password secure. That is a significant issue since the ability to remember a master password without recording it can still be a challenge.
CPA Letter reports “The majority of people say they change online account passwords at least once a year, according to a survey by Digital Guardian. Twenty-eight percent report using a secure password manager to remember account credentials, while 39% keep track of passwords on a piece of paper.” It seems clear that more small business people should be using a secure online password management system.
I first reviewed LastPass in 2012 for the NJCPA technology blog and found it to be an effective solution for small business users.
Online security can be further enhanced by using two-factor authentication (2FA). One of the simplest and most effective is YubiKey. The video below introduces the product. The cost is about $50 to $100 per user. Unlike other solutions, this is a one-time cost, not a subscription.
Small businesses should use more than one YubiKey to protect from the possibility of loss of a user’s key. One-person businesses can incorporate a trusted adviser’s key into their own account in the event that a key is lost or destroyed. A CPA or other adviser working remotely can use the combination of the client’s verbal password plus his own 2FA to remotely deactivate the 2FA in the client’s account in the event of an emergency.
Other methods of 2FA are biometric scanning (fingerprints or facial recognition) or smartphone text message codes.
In summary, the combination of LastPass plus YubiKey remains an effective, most secure and cost-effective approach to small business online security. While I am aware that there are similar products in the marketplace, these are the market share leaders and so I choose to focus my recommendations and reviews on these name-brand solutions.
I strongly recommend that a review of security protocol should be included in all personal financial planning and small business accounting engagements. I would be pleased to discuss these issues as they relate to your small business.