Data Breach - It Can Happen to You!

Posted on 03.07.17

Data Breach - It Can Happen to You!

By Scott M. McAuliffe, CPA, CISA, CFE | Risk Advisory Services Partner | Cybersecurity Services Team

It seems on a daily basis, we hear about large companies, such as Yahoo, LinkedIn, Oracle, and Dropbox that have suffered a significant data breach. When seeing these headlines, most small- and mid-size businesses probably think that it will not happen to them. Why would a criminal target my business? My business is not big enough to be targeted.

Well, as I read the Richmond Times Dispatch, the myth that small- and mid-size business are not targets was dispelled.


A well-known local market in Richmond fell victim to an Email Scam that resulted in the theft of 360 current and former employee W-2 tax forms, which house sensitive information including names, addresses, social security numbers, and wage data. These documents are likely to be sold to identity thieves filing imposter tax returns or taking out loans in the victims’ names.

According to a 2016 Ponemon Cost of Data Breach Study: United States, the cost incurred for each lost or stolen record containing sensitive and confidential information is $221/record. If those numbers hold true, the local market may incur losses of $80,000 resulting from the data breach, which is not a trivial amount.

John DeMarzo, Keiter Risk Advisory Associate, wrote an excellent article providing an example of what these phishing emails might look like, as well as tips to help protect your business.

Do not let this happen to your organization. Make sure you and your employees are aware of these scams and implement these simple steps to stop it from happening to you.


Questions on protecting your business from cyber attacks? Contact your Keiter representative or our Cybersecurity team | 804.747.0000 | Email.

Sources:

Additional Cybersecurity Resources:

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Posted by: Scott M. McAuliffe, CPA, CISA, CFE

Scott leads the Firm’s Risk Advisory Services practice, which focuses on providing cybersecurity services, internal audits, information technology audits, Service Organization Control (SOC) audits, and Sarbanes-Oxley assistance. Scott focuses on providing his clients with cost effective solutions to build strong, efficient internal control systems/practices that support their strategic objectives. Read more of Scott’s insights on our blog.