Blog

Put your cybersecurity hat on—it’s quiz time

minute read

By

Last Updated April 12, 2024

Category Cybersecurity

which of the following is a security best practice

Share

What is it about cybersecurity that sends a chill down the spine? Maybe it’s our understanding that it can never be fully understood—never fully stopped. Maybe it’s that just as soon as we think we have it handled, we learn that we never could.

In this post, I’ll attempt to put a little courage where before, cyber fear may have lived. In each card, I’ll ask, “Which of the following is a security best practice?”

You’ll respond (in your head or out loud…it’s up to you) and then keep reading to see how well you did. You’ll also see some cybersecurity facts and stats scattered throughout this post. Don’t let that information frighten you—even though it’s almost Halloween…

Let’s get started.

Which of the following is a security best practice?

Question 1: Password security best practices

There are many schools of thought about the best, most effective way to store passwords, but here are a few cybersecurity best practices that you should keep in mind:

There’s no way with the number of apps and software we login to every day that we can’t save our passwords. So, instead of using your browser to save, opt for a password manager like 1Password.

Answer A: Using a password manager.

Question 2: Multifactor authentication

 

Never—ever—EVER—share passwords with other people. Today’s colleagues become tomorrow’s ex-coworkers. (Too rough?) Beyond that, it’s just unsafe and insecure.
Instead, protect your confidential information with:

  • A username: Usually this is an email address. Ensure you’re using an email address that only you have access to. If it’s a work-related app, use your work email. If it’s an app you use in your spare time, use your personal email. You get the idea.
  • A password: Make sure it has plenty of characters, and add in numbers, letters, uppercase, lowercase, symbols, hieroglyphics and runes (just kidding about those last two).
  • Multifactor authentication (MFA): MFA protects your information even if a hacker were to get access to your username and password. It uses a combination of what the user knows (e.g., password, security question) and what this user is (e.g., biometric identification like a fingerprint).

Answer B: Protecting data with a username, password and multifactor authentication.

Question 3: Email due diligence

 

As long as the sender is who they say they are, both A and B responses would be okay. But…what if they weren’t? What if the hacker had access to the sender’s inbox, continued to pose as them and convinced you to open the email attachment?

It’s not totally out of the realm of possibility. Business email compromise (BEC) is getting more popular all the time. (And don’t even get me started on deep fakes.)

“Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request.” FBI

There’s only one secure way to verify that the sender is who they say they are: Use a different communication mode to verify their identity. In this case, the security best practice is picking up the phone and calling.

Answer is C: Call the sender to verify they sent you the attachment.

Question 4: Social media best practices

 

Believe it or not, there is a right answer. And while we’d love to go with A, captioning a photo with a beloved animal’s name is actually a big negative, according to the FBI.

When it comes to sharing things online, don’t. Even if you weren’t using “Sirius” as a component in your password, you may have used it to answer one of those pesky online account setup questions. You know the ones: “What was the name of your first pet? What’s your mother’s maiden name?”

Don’t give the scammer any information—keep the following off the internet, just to be safe:

  • Pet names
  • Any schools you attended
  • High school jobs
  • Your birthday
  • Family members’ names
  • Favorite movie, book, etc.

Answer is B: “Woman’s best friend.”

Question 5: Transferring personal information

 

This answer? Purposefully tricky. While A may be the most secure, it’s definitely not the most efficient. Three years ago, in the lockdown days, it wouldn’t have even been possible. Additionally, it limits the geographical area you’re able to serve.

For this reason, the answer is C. It’s the most secure and efficient way to grant clients access to a cloud portal where they can input their PII (personally identifiable information) themselves.

After all, do you really need to know their Social Security number? Do you really want to take the time to read and confirm numbers over the phone?

Answer is C: You give them their own unique username and password to your cloud portal—insist they enable MFA—then have them fill out the information themselves.

Were you able to answer the security best practice questions correctly?

Thoroughly reading this post offers you security best practices information. Another and even more effective way? Signing up for ongoing cybersecurity awareness training.

 

According to Verizon’s 2023 Data Breach Investigations Report (DBIR), 74% of breaches involve the human element.

Nearly three in every four breaches—74% to be exact—include the human element. This is based on research done by Verizon for their annual Data Breach Investigations Report.

That means three out of every four people caused their own cyberbreach via:

  • Simple error
  • Privilege misuse
  • Stolen credentials
  • Social engineering

Security awareness training could have helped avoid nearly all these attacks, or at the very least, lowered the probability that they occurred.

Cyberbreaches: The scary truth

No person is completely immune to error; no company is 100% safe from a breach. But you can do several things to keep yourself safer:

  • Implement ongoing, year-round security awareness training: Security best practices training should be offered across the business. From receptionists to executives, everyone needs to be trained.
  • Consider an outside technology provider: Seek out an IT provider who specializes in your niche, offers 24/7 support and has plenty of security experience.
  • Use a managed cloud: The cloud offers more than just security benefits—it improves productivity across the organization, provides a collaborative workspace for users that updates in real time and so much more. Keep in mind: Not all clouds are built the same. You’ll want to make sure any cloud technology you’re using is managed by a vetted provider and that it offers additional services (like automatic backups, 24/7 support and more.)

For more information about securing your accounting firm or small business, subscribe to our blog today.

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.
Privacy(Required)

About the author

Kiara Williams

Kiara Williams

Where to begin with this bio—My enthusiasm for LEGO kits? The collection of semi-complete art projects stacked in my office? Or how about my love of all things Harry Potter? Well, in a nutshell, that's me.

But while building, crafting and learning about witchcraft and wizardry ultimately create my off-hour hobby carousel, I dedicate work time to writing for Rightworks and the accounting profession. My ultimate goal? Produce quality content (for the profession supporting us all) that does more than inform—it entertains.

More articles by Kiara Williams

Related Posts

3 security takeaways from the IRS Littlejohn data breach

As victims of the IRS Littlejohn data breach receive notification, firms need to ensure their cybersecurity policies will protect client data.

How your firm can fight identity theft and fraud

Are you prepared to prevent identity theft and fraud? Learn what accounting firms can do to reduce their risk.

5 steps for creating a written information security plan

All firms that have PTINs must have written information security plans (WISPs) that meet legal requirements. Find out how to create one for your firm.