Create a Safe Word for Your Business - Right Now
“We shouldn't worry about getting hacked, that's illegal.”
This week’s blog is short and to the point. Because I really want you, your team, your family and friendies to execute this super simple security setup with no fluff or distraction.
Create a safe word - or whatever you want to call it - passphrase, secret code, secret word, security phrase…
Do it right now.
This is not for accessing data: it is to put a first line of defence in place for nefarity based on social engineering, so it doesn’t need to be complicated. In fact, a complicated one may negate its purpose because if folks can’t remember it, they may bypass using it. Maybe even make it fun and silly so it would be hard to guess but easy for those who know it to remember.
We’ve all heard personal stories of money requests from “family members in trouble.” In business, requests to move money, make large purchases, divulge passwords and corporate secrets, or fire employees are actions that could be asked to undertake. Create guardrails for this so that people can’t complete actions with considerable implications without the safe word. Make sure you change them when employees leave, of course, as well as on a regular basis.
Having a passphrase for personal and business relationships has always been important, but with the rise of AI, human voices, mobile numbers and email addresses can be easily cloned, making it easy for the nasties to request actions from seemingly authentic contacts. In short, it has made “socially engineered” breaches and actions easier to execute.
Social engineering exploits human psychology rather than technical vulnerabilities; preying on our positive human traits like trust, helpfulness, curiosity, and respect for authority and our not-so-stellar ones like laziness, need for approval and fear of authority.
Here are some common social engineering tactics:
Baiting
Offering something enticing, like a free download or USB drive, containing malware or malicious software that compromises the recipient's system when accessed
Impersonation
Pretending to be someone else, like a company executive, to persuade employees to disclose sensitive information or perform unauthorized actions
Phishing
Sending deceptive emails or messages that appear to be from a trusted source, asking recipients to click on links or provide sensitive information like passwords or financial details
Pretexting
Creating a false scenario or pretext to gain someone's trust, such as pretending to be an authority figure, colleague, or service provider to extract information or access
Quid pro quo
Offering something of value in exchange for information or access, such as promising technical support in return for login credentials
Reverse social engineering
Convincing a target that they need assistance or support, then exploiting their willingness to cooperate to gain access to systems or information
Of course, it is crucial to educate individuals and organizations about these tactics and implement robust security measures to mitigate the risk of social engineering attacks - but the most simple, yet effective, system you can deploy right now is implementing the safe word.
Here are six other simple security systems you can put in place - after you set up your safe words, of course.
Shouts to my friend Andrew Wall for bringing this up - I had it set up personally, but he reminded me to do it for business.
Featured Template
~~~
Featured Template ~~~
15% off discount code: BLOG
QuickBooks Online (QBO) is a powerful cloud accounting software used by millions of businesses worldwide.
If you're making the move from QB Desktop to QBO, don't go it alone. These templates help you create, migrate, copy, and back up your files without missing steps, wasting time, or losing data.
No need to fumble your way through this one-time process when we’ve already done all the leg work for you!
Created by accounting professionals who know and love QuickBooks Online, these templates make migrating your systems easy and efficient.
What you get:
Checklists of tasks & to-dos
4 spreadsheet options to fit your needs
Best practice notes & video walkthroughs
Realize Community - Practice Management Ask Me Anything
Wednesday, Apr 24, 2024 3:30 PM - 4:30 PM EST
Choosing Practice Management software is such a big decision for you as a firm owner and there are so many tools to choose from.
Jason Staats is hosting a Practice Management Ask Me Anything session.
The panellists are his Advisors In Residence*, with expertise using tools like Canopy, Financial Cents, Karbon, Keeper and TaxDome.
Jason is going to be asking us about everything - from features to support, onboarding, client/team adoption, and whatever else you want to pop in here.
Please join us for this special Realize meetup, where we can pick the group's brain for an hour.
What is each PM tool best at right now?
What are they not great at right now?
What new stuff are you most excited about?
How is the onboarding process?
How has adoption been with clients and team members?
Client portal wins and woes?
This session will be recorded *and run as a live stream inside the community.** So simply visit the event page to join the fun (no Zoom links).
*Realize members have the opportunity to book a 50-minute session with each of his advisors once/quarter as part of your membership fee - super valuable perk.
**This is a Realize Community event series. You must be a member to participate.
I highly recommend you join Jason Staats's amazing group - you will love it there!
Simply yours, Kellie :-}
::Shameless Call To Action::
I sell bookkeeping templates, standard operating process handbooks and client guides.
15% off discount code: BLOG