By Scott M. McAuliffe, CPA, CISA, CFE | Risk Advisory Services Partner | Cybersecurity Services Team
It seems that on a daily basis we hear about large companies, such as Yahoo, LinkedIn, Oracle, and Dropbox, that have suffered a significant data breach. When seeing these headlines, most small- and mid-size businesses probably think that it will not happen to them. Why would a criminal target my business? My business is not big enough to be targeted.
Well, as I read the Richmond Times-Dispatch, the myth that small- and mid-size businesses are not targets was dispelled.
A well-known local market in Richmond fell victim to an email scam that resulted in the theft of 360 current and former employee W-2 tax forms, which house sensitive information including names, addresses, Social Security numbers, and wage data. These documents are likely to be sold to identity thieves filing imposter tax returns or taking out loans in the victims’ names.
According to the 2016 Ponemon Cost of Data Breach Study: United States, the cost incurred for each lost or stolen record containing sensitive and confidential information is $221. If those numbers hold true, the local market may incur losses of $80,000 resulting from the data breach, which is not a trivial amount.
John DeMarzo, Keiter Risk Advisory Associate, wrote an excellent article providing an example of what these phishing emails might look like, as well as tips to help protect your business.
Do not let this happen to your organization. Make sure you and your employees are aware of these scams and implement these simple steps to stop it from happening to you.
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.