
Monday, December 12, 2022

Colorado Springs: How Secure is Your Tax Information With Your Tax Professional?

 


Marcelino:

Good day and welcome to The Tax Answers Advisor with Marcelino Dodge, Enrolled Agent on show number 57. And just enjoying this crazy ride with listeners all over the world which I really appreciate you downloading this podcast. Also, we are going live on Facebook at this time, as well as downloading this to our YouTube page at a later date, as well. So, you'll be able to see us there and find us along with the various discussions that happen. That's already there for you to easily access, I invite you all to join me for a free mutual exploration session at your leisure, you can schedule that just to see if what we're talking about here. Because these securities where we're talking about today, cybersecurity, in particular or anything related to tax just to help you to pay as little tax as possible, which is what always my goal is.

But yet also to keep your information safe, you're invited to contact me at 844-394-4287 or email at success@cashtracksfinancial.com or just visit the website, tons of information available for you there at cashtracksfinancial.com. As I mentioned a little bit today, we're going to be talking about protecting your business and personal tax information from the Cyber Storm. And usually when we hear the word storm, it thinks about a lot of different things. But this is in particular to your personal private information for yourself or your business. And to help me with this discussion today is Alvion Legall, of ABL computers, he just released a new book called Cyber Storm, how to protect your business from a data breach. And the resulting Cyber Storm of fines, lawsuits and customer loss which we hear about these going on. We hear about the major ones from the major companies but they happen to the little guy too, which you don't hear so much about. But that's just like myself.

So, you don't hear much about that. So, it can be very costly for ones like myself. So, we're going to talk about this today as the founder and CEO of ABL computers. Al operates this IT service company focusing on the financial investment firms and medical offices where that line is security is just so important. That's why I'm talking about this because as a tax professional, it's vitally important for me just as much as any others. And in some ways even more so because I'm a little guy, supposedly not having this big IT department. But I got to be able to still protect your data because my computers are online, just like all these other companies are. So, we're focusing on crisis prevention, limiting virus outbreaks, also limiting security issues and want to keep all of these potential problems, we want to keep them to a minimum because that's just the best thing for the business and for you personally.

And I love how Al educates clients on social engineering and social media platforms. This is something that many people don't realize how social media platforms can use your data in a predatory way. So, I'm glad to be able to talk about that a little bit as well. So that myself as a business owner, my employees, and even if you're just a student going to school, all of you, and all of these people are actually the first line of defense against disastrous outcomes because that's obvious. That's where a lot of them happen. So, I just want to really just stress it, we're going to discuss these very important topics today. And so, I'm gonna welcome Al, thank you for joining the program today.

 

Alvion:

Thank you, Mr. Dodge for having me once again. So, it was a pleasure being here on your show.

 

Marcelino:

Yes, yes. We really appreciate having you here. Because these are such vital topics to cover, especially security and related to taxes. See, it's interesting. I have a tax program that I talk about where I talk a lot about tax stuff. But really, because IRS requires that I have basically like a cybersecurity policy. And so, because I deal with so much information, I feel it's important to talk about this for my taxpayers and the people that listen to this program because it is important. We're going to discuss that even a little bit more as we go along there and you got some wonderful information but I just wanted to ask you a little bit here. Why did you feel it was so important to write your book here about the Cyber Storm?

 

Alvion:

Well, one of the reasons why I feel so important because a lot of small businesses out there, they don't see it as, as an important, something as an important task to take on, but rather or they figure, it's an impossible task to do. So, it's super expensive. But I wrote the book with a purpose of trying to educate a lot of the business owners out there that these are some small steps that you could take to help protect your client’s information and protect their own information there so that they don't fall victim to any of these cyber criminals out there, or these bad actors. So that's the whole purpose of the book is just there to educate anyone that's interested in moving forward in a cybersecurity action plan for their company.

 

Marcelino:

Okay. Yes. And certainly, that's what I've been constantly working on as well, I've taken continuing education classes for this just for tax professionals to do that. And so, I've been, and developing a plan I know for myself is this, it's an ongoing process, you start, and you adjust, and you adjust, and you just keep adjusting. And you keep it up to date as best you can. Because it’s a constantly changing there. Now, one of the interesting points I really liked about your book is how we see how on TV or media, how they often show hackers or that little guy in that dark room with that hood on or whatever, doing their little thing. But yeah, as you point out very nicely in your book. That's not the case for hackers.

 

Alvion:

No, no, definitely not hacking, it's not a difficult thing. And it's just a matter of you have people just paying attention to your actions and what you do. And one thing that a lot of hackers use is something called social engineering. So, they take a look at all of the content that you're putting online, what are you liking? What do you, you don't respond to and even marketers do the same thing. So, they start building a profile about you, if you have a tax account, if you have a tax company, then you will show you do advertisement and so forth. So, hackers gather this information, and then they use this information to try to catch you based on what they have learned or what they have gathered about you so far.

 

Marcelino:

Yes, and one of the important points you mentioned about that is, is how and how you'd run that experiment one time in a class where individuals where you tried to hack a cable company?

 

Alvion:

Yes, yes, that one it's is very good. So, I'll just give you a brief synopsis of it. So, what it is, it's just a simple, I ask someone to just get a video or sound of a crying baby. And then we call the cable company. And this lady pretended to be you know that she wants to change the information on the account, get Disney or cartoon channels shows that a kid could watch the channel, watch this channel. So, with them calling and they're hearing the baby crying in the background, they have already created a case of sympathy or empathy with the agent on the phone. And interestingly enough, the agent was a female. So, you have that already in, the scene was already set. And we were able to make changes to the cable come to the account without even us having access to that account, or anything like that. And these are some of the tactics that hackers use something as simple as a baby crying. So, it presented a stressful situation. And then because of that the representative on the phone was able to make the change how we got the Cartoon Network and the Disney Channel and all of these things added to the account. So, these are things that you know what these are what hackers use for free to get into people.

 

Marcelino:

Oftentimes, too, we think about things like security questions in, I'm sorry, passwords where I'm going passwords and pin numbers. And I know on cable companies, sometimes you're supposed to have the pin number to be able to access the account or beyond the account. But as you just explained, it's not that well, it's easier than you think to get into these if you have the certain emotional appeals, which is certainly in your particular case that you described there. That is what happened. Now I also appreciate Yes, we always talk about having a certain password, difficult password of a certain length and certain types of characters in the password or a pin number and they are stressed these areas about not having something that's easy to remember or just all these different suggestions that's made out there. But something I hadn't thought about. But a point that you made very clearly, in your book is about how hackers don't necessarily need to know that stuff anymore. They can get by with some other things as well. So, what can you tell me about this?

 

Alvion:

Yes, yes, they could get by with many other things. So, I'll give you an example. This happened with an accountant. And what this hacker did, it was the last day of tax season. And as any CPA would know, most clients tend to send their documents on the last day, people tend to wait for the very last minute. So, what ended up happening with this person, they got a bunch of emails from clients with documents attached, and so forth. So, the person was going through their emails, and their senior Cash manager, just clicking open and click and opening click and opening, so that monotonous and repetitive action now, they actually, the hacker actually sent an email with a document attached.

And what the hacker did, they typically, just a little side note, typically most applications when you scan a document, it tends to give it a doc.pdf name, that's what by default, doc. whatever it's going to be. So, this file came in, it was actually picked doc.exe. And just because of the, have seen so many doc files coming in, and so forth, they just click, click, click. And sure enough, this was an executable and all the bells and whistles went off, a bunch of things start to happen in the background. And that's how easily people could fall victim as some of these acts, some of these executable files actually sort of pull information from your system without you even knowing that all of this is happening. So, a lot of times, hackers don't necessarily need to get your passwords for some applications, they just need to gather your data and through your data, even through your browser that also will save passwords, they actually could use these things to get into your accounts, and so forth.

 

Marcelino:

Yes, see that email caution that you have there is actually something I've been very careful about for a long time. And even before I was working with you on my computer security, there were some other professionals CPAs that I do some education with, who talked about this type of deal. And you mentioned the security part in that, you know, they have what they call a no click policy in their office, which basically means they don't accept tax documents through email. And for the vast majority of people that's especially anybody that I don't know, that is the policy.

I mean, it's no, you have to upload them none of this email stuff for the very reason that you just described, which is why I even have in my marketing of how seriously I take this, about security and just protecting client data so that situation is avoided. They're so, so right along with this, though, as we discussed this here. So, they don't need to know your security questions. There's different ways they can get in which I'm going to there's a couple other things later on. But a point here that I wanted to ask you about, too, is because you touched on this in your book about, wisely using social media there, why would that be important for a taxpayer to wisely use social media?

 

Alvion:

Well, in social media clicks for example, Facebook, just to use one, one of the major ones out there, people it's just the environmental social media, Facebook, it tends to encourage people to share information about themselves. And there is a saying that a picture's worth 1000 words. And a lot of times people don't pay attention to things in the foreground of their pictures. So, people post pictures of themselves, they're looking at themselves but, in the background, there are other information that could tell you a little bit about yourself. There could be the Häagen-Dazs ice cream on the table or the Twix candy bar on the table. All of these little things start to tell so what hackers do, they start gathering these small little breadcrumbs about yourself and start building a profile for you.

So sometimes we have to be very careful. I know Memorial Day weekend is coming up and what hackers tend to do, if they know that you are always traveling on Memorial Day and you take pictures and you go back into your Facebook profile, and they see every Memorial Day, you're in Washington DC at the monuments and so forth. Guess what, then one piece that no, you're where you're not is in your office. So, your office computers may be on Monday, we'll use this information. Say we're going to try to get you during this time. So, there is, um, don't get me wrong, I'm not saying don't post anything, sometimes we have to just be very careful of the content that we're posted. And make sure everything in the picture in the foreground and the background, and everything of the of the photos is what you want to show, and nothing extra because we'll be surprised. What may what you might be sharing with people out there. So, this is something that you have to also pay attention to when it comes to social media posts.

 

Marcelino:

Okay, so what it sounds like, at least from the way you're describing is that any of us could be essentially, like social media stalked by someone and it doesn't know and it won't necessarily mean that something is gonna happen tomorrow. Or next week, we're talking something could be a year, two, three years down the road as soon as they build that profile as you were talking about. So,

 

Alvion:

Yeah, exactly. So, they are built, they will start following you. And they are realized that, hey, you're a CPA. So, chances are April 15 is a busy day or the week of April 15 pretty busy day, extension deadline, October 31, sales tax deadlines, because this is all of these deadlines are public information, you could find it from the IRS website. And once they know that your CPA or you're working with this particular company, or this particular client, they would use these things to find a way into your network and so forth. So once again, it's not a matter of not posting is just be aware of the content that you're posting.

 

Marcelino:

Yeah. See, that's so that makes it seem to me like you need to, at least when you're looking at a tax person or looking at something to do your taxes anymore. It's not just dialing up the phone book, or searching for a month, searching for the someone online. It's like, well, maybe I need to look and see what they have some type of social media page, what are they doing? I mean, like, what are they doing individually? What are they what are they posting, because it seems like it's got to do as much research? just in that manner to find someone to do your taxes as anything, because how careful are they being about their own stuff is going to indicate how careful they're going to be with your stuff? And they said, that's what that makes me think of when you're sitting, you're talking about this.

 

Alvion:

Exactly, exactly. And one of the things especially for CPAs like what I pay attention to if I go to CPAs office, yes, I know the desk is dirty, and the desk fast and dirty, I mean has a lot of paper on it. But if I could look at a desk and see someone's 10,14 there with their social security number that tells me that they're they don't the company doesn't have certain procedures in place, especially if I am sitting across from their desk, and so forth.

So, I do understand the SG sometimes you put papers on your desk, you may be working on a particular crime, but the most important procedure to do is to make sure and put away all of these documents at the end of the day, lock them away, if you're going to digitally save them, digitally save them and digitally and shred them to shred the paper and so forth. But a lot of accounting firms they don't pay attention to, they don't pay attention to that they will see clients with someone else's tax return sitting there because you never know who may take up there who has a full photographic memory or even use your cell phone, something simple as a cell phone just to take a picture of a tax return that's on your desk. So, these are just some steps that you could take to help protect your information your company and also your client’s information.

 

Marcelino:

Yes, yes. Now on just a sidestep here for just a minute. I'm thinking, as we're going through this makes me think so I get these, I get these periodically, and it's really weird that I get them but at the same time I'm knowing why is that there are companies out there are Russian hackers out there, that imitate major companies like Microsoft. And one of the things I know is that I get these emails occasionally saying your Office 365 password has been changed, or your subscription is expiring. Anyway, something that tries to create a sense of urgency that I need to click on the link that's in the email. Because the subject matter always has something that makes it seem like it's urgent. But yet I just from stopping oh, wait a minute.

Well, one thing is I know, okay, well, I know what my password is. And I know I haven't changed it. But by the same token, Where's this coming from? And then to if they're saying my subscriptions expired, and I'm like, wait a minute, I know when my subscription renews, why am I getting this in September? And I know that don't, it's in a different month that it does it, so. And so, and then when I stopped when I look at Excel, they'll try to imitate Microsoft's logo and everything there. But when but one thing I have learned is to always go and look at okay, what's the email that it's originating? Where's the originating email or the sending from email address? Then it's like, what? In some way? In some cases, it's like completely different. In other cases, it tries to be just close enough. So, have you seen some items like that happen?

 

Alvion:

Yes, yes, those are things that we that I see and come across a lot. And one of the things that we have systems that we put in place to help in cases of that, like, for example, just like to say this, you know, cybersecurity goes beyond just a firewall and an endpoint protection, it involves five, cybersecurity just involves people, processes and technology, you know, the processes are simple thing that you will implement into your, into your entire practice, what you will do, and so forth. The technology is where you put in your firewall, or you have the risk and compliance thing, those are typically things that is given to you by the federal government, you understand, some state or federal organization. But the last part of cybersecurity is people. And I know earlier, you said that you don't click on emails and so forth, you don't click on links.

And you, you made a very good example, that you saw the email and you stop for a second, and you thought about that email, you said, I know my subscription is not expired, I know I did not change my password. And with cybersecurity, when it comes to the people, it is good. It is great that you stop for a second and just think, just think about it. Because it's not to say your entire company is on fire. And it needs to be dealt with right now. But you stop for a second and think. But what do you do when you're you have an entire organization of multiple employees, not everyone will take those necessary precautions? So that's where companies like mine come in, where we put things in place to help those fast clickers, we call them.

And we it's all about cybersecurity training. We give them security training, what we do, you mentioned Office 365, what we do with your Office 365 subscription, we brand it to your company. So, when you click on the link, it actually takes you to your everything will look like your company. So that's one of the things that we specifically do, it doesn't look like the traditional Microsoft sign-in what everyone will typically see. But one of the things we do we specifically brand it and we let our clients know, when you see this, you know you're in the right place. If you don't see this, you're in the wrong place. And these are things for the fast, for those fast clickers, and so forth.

But another thing is some of those emails that come through, if you don't have a security, an email security system in place, that scan in your emails that it's coming from, is it's called those types of attacks are called phishing attacks, that you need to have a security system in place that detects phishing attacks, and so forth. And not all system 100% but yet still, aside from everything else, you have to have the security training, you have to do some sort of rebranding with your Office 365 accounts and so forth. And last but not least, if you cannot take a second and think about it, there is always an IT person you could call what we try to tell our clients is, give us a call. Just give us a call. If you have any doubts, give us a call. Because what we try to do is manage all of these things for you. So, if your subscription has expired, you don't worry about it, we take care of your subscription, and everything for you. So, these are things that we try to put in place and encourage our clients to do so that we take a lot of the responsibility away from you so that we can help protect you in terms of your network and your infrastructure and your data.

 

Marcelino:

More that's great, fantastic, because that's similar to what I do, when I have a client come in and say they need help with a tax or payroll issue. And I know you experienced this sometimes, but I experience sometimes where they just don't want to let go of some of that control. But I tell them, if you do, when you do this, at least in my particular, I know you do this, you don't have to worry about whether the payroll taxes are paid, you won't have to worry about if your tax returns getting done these things you won't have to worry about and you won't have to worry about your bank statements getting balanced, which some people that I start with, haven't been balanced in three years.

And so, I look at it like from what you're describing there the importance of having a professional in your corner that can manage these things for you, just as I do what I do, having a professional like you doing what you do to take care of some of these background things it makes, makes these computers feel a whole lot more secure. I know just in the time I've been working through the last couple years, I tell you what, I felt a whole much, whole lot better about my systems.

 

Alvion:

That's great.

 

Marcelino:

They're so and it's makes me feel real confident talking to taxpayers and saying, Yeah, you're doing what we can't protect your data. Because it's just the right thing to do, really is. But yet, as I mentioned here earlier, one of the things I wanted to really stress or get to, is talk about as a taxpayer, when they're doing their tax return, because when one of the complaints I get, because you're always gonna have shoppers, just you have shoppers and everything. And I get the shoppers calling how much you charge for tax, and they go well, that's expensive.

 And I'm like, well, I give them a small explanation of this is why not just the professionalism that we exercise, but the fact that we protect your data to some people, they don't care, which that's their choice. But by then the other token is that those that do care, they actually appreciate it. And I've been telling all my clients, you know, you're not just paying this, you're paying to cover to protect your data as well. And it's amazing the number of people when you explain that to them, they really do appreciate the fact that you take such stringent security measures there. And so, what I want to think about is or get your thought on is, why would it be very important for a taxpayer to consider not just price, but consider is this tax person that's going to do my tax return? How are they going to protect my data? Why is that? Why would you think that's so important?

 

Alvion:

Well, why I think is important, it's that in your as a tax professional, I'm sure a lot of your clients come through word of mouth, or through a family member, and so forth. And these individuals, they talk, they talk amongst each other, they will tell each other Oh, my accountant is really great. He's this type of person, he does this for me, he does a wonderful job. You have a raving fan. But now, let's say one day, this person has a breach. Your accountant has a breach. And now this person is seeing this individual is seeing, hey, another credit card was opened in my name, I didn't open up a credit card. So then now they're asked to go they will talk to their friends that they raved about. And then they'll say, you know, hey, I had the same thing happened to me too. And they talked to another, I had the same thing happened to you too and then no say how it happened to you.

Now when you're going to look at it now, they will sit down and realize the only person all three or five of us have in common is the accountant. And this is why it's very, very important and most times when our accounting firm gets a data breach, they typically lose all of the clients. Now, as a tax preparer, it is I know you all are required to get to become certified. And you all have to do training each year to be able to prepare people's taxes because tax laws constantly change. It's the same with the cybersecurity, in the cybersecurity technology world, the landscape is constantly changing.

And it is very important for you, as a taxpayer, and your colleagues to focus on what you do best and have someone else focus on the threat landscape that is also equally changing. I will say the threat landscape for technology rapidly change even more than tax laws already change. So, it is very important. When you reinforce that with your clients to say, hey, we are taking all these steps, we have to get trained, we have to get certified to continue doing the best job we can to make sure you as the client don't get an audit from IRS or don't have to pay penalties. And we're trying to save you the most money as possible. In order for me to do that I have to also take the responsibility to protect your data. And I'm not a technology expert. And I have to pass that off to someone else. So, it's very important. So that is why you should, it's very important people should actually look into this.

 

Marcelino:

Yes. Now, once again, as we look at the taxpayer, we think about the person trying to come in the office here and ask questions. What do you think questions that a taxpayer that's looking to at a tax professional? What kind of questions should they ask this tax professional about firm security?

 

Alvion:

Well, one of a good question to ask is if they have cybersecurity, liability insurance. And that is something that is very important, because in the event that a tax company gets breached, you need to, that company needs to pay for credit monitoring for that individual. And making sure not to get anything rectified. And insurance is the way to go. Because to do this is a very expensive thing. And the way it works is if you may only be working with 100 clients this year or 200 clients this year, 300 clients, but when you have a data breach, they look back at all the data that is exposed to the breach. So, if you have been in business for 10 years, and you have 10 years’ worth of data there, that's 10 years added up of all these clients, you have to pay for cybersecurity insurance for but of cybersecurity, credit monitoring, apologize credit monitoring for what these individuals so that's a very good question to ask. And the reason being why that's a good question. Cybersecurity liability insurance is not something that you could get just like that, because of the threat landscape has changed so significantly. Insurance companies are requiring you to make certain that you have certain things in place before they're willing to give you insurance for it. It's kind of like insurance policy. They want you to go get a health check. They want to make sure you're not BASE jumping or skydiving and all these different things so that before they can approve a policy for you so when it comes to cybersecurity liability insurance companies are requiring you to have certain things in place before they could actually give you coverage. I once that once I think that's the key question at any tax crime could ask the preparer if they have. And that's going to kind of give them some form of umbrella coverage for everything. And,

 

Marcelino:

I like how you brought out about the cybersecurity insurance because I was at a trade show a few years ago. And one of the companies, it was an insurance company there that was talking about this very matter. It's been a few years back, but they were talking about, and I was just visiting with them. Because I mean, we always check out different things. But I was visiting with them. And then one of the guys just flat out asked, do you have cybersecurity insurance on your business policy, and I had to stop and think there and go. You know, I really do not know that I know, I got my building covered. I know I got my liability covered. I know I have my business property covered.

Do I have I mean; I had to really stop and think about that. And so, I kept in touch with them. And eventually I went ahead and I let my current policy expire. And then I went ahead and signed up with them and really got the looking X, I actually called my existing company and asked them about that. And they had really no clue what I was talking about. It was like a new thought for them. This must have been like 2014, I'm trying to think it must have been there, must have been when it was around 2014. I think it was last time anyway, that's what really got me thinking about this was always kind of, well, I have the insurance but and I've been going I stayed with this company for since and I'm with same company.

But then till I got to talking to you about X, I always kept the basic things the internet security anyway, program on computers all saved everything. And then but I just but then I just got the thinking. And I was like man, and I got to visit with you. And I was like, and then as things kept going, I was like, man, things are just, I just don't think I'm doing enough. And as I've continued to learn more about this, it's like, Man, this is very serious. I don't want to be one of those statistics out there, have an individual who has been breached. So, it's very important. Yes. So, as I talked to individuals, I talked to him about security. I mean, it's so important to me about it, I talked about it. In advertising, I talked about it when I talked on this program, because it's so important if you're when you're looking at a tax professional to have that as part of the introductory conversation there. So just to add some of this is just kind of re-emphasizing, a lot of different things that we've talked about today already. So just to kind of really hit the point home here, though. So, what steps once again, do you think that a tax professional should be taking to protect the client data just to make this is just so important?

 

Alvion:

Well, there are many, there are many, many steps that they could take, but I cannot go through them all. I think it all starts with, let's see what you have in place. Because there are multiple, multiple scenarios or multiple solutions, because we have to look at where the data is located, who did, who is withholding the data, all of these things. And there are different procedures that you have to go through for that. So, something like that this is where you have to, I would suggest you call someone like my company, computers just to get a security assessment.

And these are things I redo for our clients or prospects or anyone that's interested, we do that for free. And we're able to develop a cybersecurity action plan for companies and so forth. But if there is one, one thing I will not say this is a silver bullet, that's going to be the one and done on your protected, I will say the most important thing, it's backup. That's the most, I will say, if I have to call one item, I will say back up your data because in the event that there is a breach, yes, they are taking your data but most times they encrypt your data, what if you have a good backup that has been tested and you know it's working and it does continue or backup even while you're working during the day. That is something else say to go so that you could restore to any point of the day and so forth. So, you don't lose an entire day of data or anything. So, if it's one thing I have to pick, our pick that as if it is not the silver bullet that's going to protect you. You're one and you're done or anything like that.

 

Marcelino:

Oh, yeah. So many layers. Well, I just know just from what I work with here, that we've been talking mainly cybersecurity, but even within the office, you mentioned a little bit earlier, but even about the physical security, because I remember, a few years back, I just didn't think anything of it. But I would leave, I had a table that I will just put finished tax returns on. Didn't even think about it. And then the additional information started coming out. And it was funny, because I thought I was sitting here thinking, a few years back, you know, I had these file cabinets, and I got four of them in my office, these metaphor caps, I said, no, I probably won't be using those again. Well, it turns out that I'm using them rather consistently. Now, I, they didn't have locks on them. But I found a little system where I could put a lock on them and lock them up and have the client information, the physical information secure. So that's the physical security side. So, I got that down. And then as I continued to progress and learn more, I take additional steps of adding in additional cybersecurity steps and driving. I mean, there's so many passwords to get on to everything. But that's what you need. Right? Yeah.

 

Alvion:

One thing I'd just like to say just quickly about passwords is I recommend to anyone to get a password manager, if you're typing the password now, from your head, the password is not strong enough, I will tell you that right away, that's a rule of thumb. If you're typing a password from your head, the password is not strong enough. And I will recommend you get a password manager, what a password manager will do for you, it will help you, it will generate passwords for you. Sometimes 20 to 36 characters long, as much as they allow it, the application allows you to put but now the password when you look at it, it's not something you can recognize most of the times the first 15 characters is some special character, and so forth. But the point of it of the matter is that they, what hackers have realized is that even today, I read an article where Microsoft is asking us to turn off the 90 days, Password Reset settings on there, an application password expires in 90 days.

Because what happens is that it leads people to let's say, if your password is tax 1040, and in 90 days, which are tax 1041. Not in tech stacks, 1042 on your keep going on. So, people tend to do these things, and so forth, just changing one number. But once again, the most important thing when it comes to passwords are to just get a password manager select us extra super strong password just to get into that application. And that application is going to generate all the passwords for you for all of your other tools. And with that application do turn on two factor authentication on that application. So, whenever you sign in, it requires a second code for you to access these are things that we do provide all of our clients because we realize the level of security that it required for them just to protect themselves, because we're trying to deal with the people side of the cybersecurity paradigm.

 

Marcelino:

Yes, definitely there I understand that because most of my applications, yeah, have that two-factor authentication, as a part of them, be it going to like an authentication app of some sort, or a texted code to your phone because at least the thought is that they may get the password, but they're not necessarily going to have access to that second code. So, I do know sometimes it's one thing I did happen to notice on one of my when I changed my cell phone over, I noticed I had, did have to go into one of my applications and say this phone is no longer valid for that code. So, I did catch that because they because it'll send it to both phone numbers because it'll but the code, I had to tell it that this one's no longer valid.

So, and something else I do need I do find always interesting. Last couple years this has really been happening a lot during tax season that I caution tax professionals and even taxpayers on are that sometimes these hackers will send you a message saying oh I'd like you to do my taxes. And everybody goes through a rigorous process here because of it. And I always find out who's legit and who's not. Because they'll always send, they'll say, okay, and do my taxes. I say, okay, okay, I'll respond. But this is what we require. And I give them all the little requirements, which is standard procedure anyway. And then what they do is that they'll turn around and they'll say, Well, here's the response. Instead of doing what I told them to do, they'll say, here's my basic information, click on this link.

And I haven't got one this last year that it, it looked, I mean, that it looked pretty legit. I mean, it had a nice little signature on it, even had the guy's picture and everything like he was serious. But yet, I said, Okay, this is what you need to do. I never heard from him again. I even made it possible for me because I because I said, Okay, here's your email, here's my basic information, I can put it into my client management program and just say, Okay, here's the introductory email, here's your name, open up your account here and put your documents here. Nope, never heard from again. And I'm like, well, he wasn't serious at all. He was just fishing, as you say, trying to see what he could get you to do. And I've had and I've gotten, I've gotten these types of emails, it's been the last couple years, these have been showing up, coming in. And so that's where I know, I need to be professional, which is why when I have new employees or whatever come in, I stress about this, there's no click.

In fact, with them, I tell them, you can't click on anything in an email that comes in, especially any attachments that come in, don't be clicking on anything, because this is why. And actually, most of the people I've worked with, I've had the fortune to work with, they've been like, okay, yeah, that makes sense. So, I was explaining the seriousness of it to them. And I explained the seriousness to my clients, because it is so vital that they just do this and be very, very careful about it there because it is people's information. There it is people's lives, essentially, that I'm working with here. And I have established a level of trust, which I, which I'm always amazed, I just do my best to help people. But it's amazing how just working with people being kind to them. And just being professional, just you build that level in there. And then how easily through something like this that can just go poof.

 

Alvion:

Right. And what if I, as you talked about emails, what I will say what I've noticed as common across the industry is a lot of accountants and CPAs, have an AOL or Gmail, or Yahoo email address. And I think that it's a huge disservice that they're doing to their clients. Because just as how the hackers will know that you have your tax accountant or tax professional, they and they find out that you have a Gmail or something like that, they can easily find out who your clients are, not through you, but maybe even through one of your clients saying that, hey, you know, Mr. Dodge, he's a great accountant, and so forth, he does really good job for me and so forth, posting these things online.

Now, but if you have a Hotmail, Gmail or one of these free accounts, what tends to happen and what I've seen a lot, it's that hackers will tend to create an email address that's similar to yours. If your email address has like an I or L, they will try to use uppercase of the version like an uppercase I looks like a lowercase L in some cases. And when they send these emails, they could send an email to your client saying, hey, I happen to mistake your account number. Can you just send it over to me? And if I would, yes. Okay. This is Mr. Dodge; I'm reply to that email. So, what I tried to let them know is to stop using these free email accounts because your clients could easily fall victim to that. And as I mentioned before, about processes, some of the things that you could tell your clients is that one, we will never ask you for your bank account number over email, we will never ask you this information, we will pick up our phone and call you and ask you over the phone for this information. We will never ask you in an email for your social security number, or anything like that. So, these are things that companies could implement, and especially with emails, that's the easiest way anyone could get into a company because most threats come through emails.

 

Marcelino:

Yes. Yeah. Well, that's why I guess that's why for years I've used one of the URLs that I used for business, for the email just for that I hadn't thought about that before. But I said I always thought of as a more I have a branding thing myself. I didn't attach it to a security thing. But it does make sense that it'd be more secure. Because you look at, in my case, Lamartaxes.com. That's like, you know, that's coming directly from him. Because that's he owns that he wrote. Exactly, he runs that. So, but yeah, and but I agree with you a lot of the emails, I've seen from CPAs and other people that do taxes are not what I call a branded email.

They're a free email. And I can see very well how that could be problematic for. And the crazy part about it is and just what I've used in my little technology that I've learned is that it's not that expensive to even set up the email related to your website, because it will all have a website, tax whatever service.com. It's like, why don't you just use that for your email? And it's, it's very low, it's very cost effective. And obviously, from what I can see now, it's even important for security purposes as well. So that'd be another thing that I guess that'd be another reason to question who you're using for taxes? What email address do they are they using? Are they using a free one trial? I'll admit I have a free one. But that's personal, that kept separate from business, so.

 

Alvion:

But I wanted to check if I may interject here. Sorry about that. But you mentioned branding. And, you know, I'll speak as a client here for now, if I am paying you to do my taxes, why do you have a free email? Why can't you get an email that you could pay for? What are you doing with my money that you're telling me to pay for this service? So, these are, as you mentioned, Branding, that is really key. But it's you know, since I'm a cybersecurity expert, I will tie it back to cybersecurity. It is a security breach there if you're using one of these free email services that you can get your that they have out there.

 

Marcelino:

Yes. So yeah, so that's another caution for use of taxpayer is, what kind of email is your tax person using, or especially if you're allowing your friend to do it, that's another issue, because that's I, you know, imagine how many unsecure that is, as well as how many of those that you got to fix and then even other mistakes that are often made with those, but that's a whole another discussion there. So anyway, just but just think about, if you don't put it like this, at least from my standpoint, is that if you're not going to do your own tax return, you need to have someone who does it who has not only the knowledge of the taxes, but the security precautions in place, both physical, and software and cybersecurity wise, that way your information is protected. And don't be afraid to pay for that kind of protection, because it can end up saving you a lot of hassle. Because we haven't even talked about identity theft. We don't have time to talk about that. But it's just the importance of it that we got to keep in mind there. So where can we even talk about all this, but where can ones if they been very interested here coming about the Cyber Storm or they can work? Can they go find your book there out?

 

Alvion:

Well, our book is found, it's on Amazon, just search for Cyber Storm. And just so that everyone knows all proceeds from the book sale goes to the St. Jude's Children's Hospital. So, none of that is coming to me. However, I have collaborated with some colleagues to put this book together. And you see, all you could visit ablcomputers.com/cyber-storm/, and you could find the, it'll take you directly to a landing page. Now, if you are interested on that page, if you're interested in getting the free cybersecurity assessment for your firm, you can reach me, you could also fill out that form there. Or you could just go to ablcomputers.com.

You will find me or you can reach me at 718-848-8102. There you could just reach out to me there, telling me you saw me on Cash Tracks Financial on YouTube and we'll give you all of these things for free security assessment. Once again, there's no obligation to buy this is just a free service we're given to CPA's, accountants, or any type of businesses we could come and take a look or we could do something over the phone, over zoom and just take a look at your infrastructure and we could put you on a path to becoming a good cyber citizen out there.

 

Marcelino:

Okay, great. Thank you, Al, really appreciate your joining us today on The Tax Answers Advisor, it's been very educational for myself and for the listeners to hear about the importance, the importance of protecting your data and the importance of having the right tax professional, do your data and protects your data. So, ask them those questions. Don't be afraid to ask them, how are you protecting my data? Which at least anymore to me, it's just as important as how well do you do the taxes? That's so let's keep those points in mind.

So, if you have any questions about today or want to talk about any of the services from Cash Tracks Financial, always call me it's 844-394-4278 or visit cashtracksfinancial.com. And then of course the email which is success@cashtracksfinancial.com. I always invite you to perhaps even give me a call for a free mutual exploration session just to see if any of the services that we offer here where we do very strongly protect your data, at Cash Tracks Financial, again I thank you so much for listening today to The Tax Answers Advisor on The Voice America Business Channel.

