PBMares Accounting Blog

CyberSecurity 2017 – A Look Ahead

Posted by JJ Edmunds, CPA, CIA, MSA on Dec 6, 2016 1:33:00 PM

As 2016 winds down, it is time to start looking ahead to 2017. Recently, Experian, a leading global information systems company, released its 2017 Data Breach Industry Forecast. Below we summarize five upcoming trends from the report that companies should be aware of for 2017.

Topics: Financial Institutions, Cybersecurity Threat

Vendor Management - A Due Diligence Requirement for Credit Unions

Posted by JJ Edmunds, CPA, CIA, MSA on Dec 5, 2016 9:00:00 AM

Like any corporation, credit unions rely on a number of other businesses for materials, support, maintenance and more. Outsourcing these activities allows credit unions to keep their costs efficient and their resources focused on their core banking functions instead. Because more and more credit unions are outsourcing activities, the National Credit Union Association (NCUA) has outlined requirements for managing third-party relationships.

Detailed under NCUA Letter 07-CU-13, credit unions have to ensure an active balance between seeking efficiencies for improved operations and customer experience versus controlling and preventing risks. The regulations don’t stop outsourcing per se; credit unions can still maintain their contract support just as before. However, the governance of these activities and controls cannot be delegated to a third party. Instead, under the NCUA Letter’s definitions, credit union management must always be in charge of and oversee all activities. The credit union also has to be directly in control of its security at all phases of financial transactions and operations.

Topics: Financial Institutions

Risk is the one element that lurks in the background of all businesses

Posted by JJ Edmunds, CPA, CIA, MSA on Dec 1, 2016 9:00:00 AM

Why is risk assessment important?

Topics: Financial Institutions

Many Questions Remain After International Banking Heist

Posted by Harvey Johnson, CPA, CGMA on Nov 29, 2016 8:50:00 AM

Tesco Bank, a Scotland-based bank and subsidiary of U.K. supermarket giant Tesco, recently blocked all online transactions tied to customers' checking accounts after money was stolen from an estimated 20,000 of those accounts and the bank detected suspicious activity involving another 20,000 accounts, according to CEO Benny Higgins.

On November 9, 2016, the Bank reported that nearly $3 million was stolen from affected accounts, which are operated through an app or online. Customers have reported that sums have been transferred to Spain and Brazil. The Bank said it first saw signs of fraud on the evening of Nov. 5. Some Tesco customers, taking to the bank's customer service website, have reported that their accounts were unexpectedly drained over the weekend. Others have reported difficulty connecting with telephone-based Tesco call center staff. The Bank has stated that it will refund all accounts for every customer affected by the breach.

Topics: Financial Institutions, Cybersecurity Threat

Is Your Non-Profit Prepared For The Growing Digital Threat?

Posted by Zach Rosenoff on Nov 21, 2016 9:14:00 AM

If you follow the news, cyber-attacks are covered on an almost daily basis. Whether the victim is a mega chain store like Target, an international banking corporation like Chase, or a small-time local main street business, cyber-attacks are now commonplace. All organizations, including non-profits, must now consider cyber risk as part of their governance. Why would non-profits be a viable target? Follow the money. There is no question that non-profits attract financial transactions, and for good reason. These organizations represent the funneling of help and support so that it can be focused into combined efforts toward a beneficial public cause. However, all of that transaction information can be a gold mine for a hacker as well. Donor files, employee files, and credit card information are all valuable information to a hacker. The damage of a cyber-attack can be two-fold. Financially, the costs of responding and recovering the lost data, combined with the loss of potential donor funds, represent significant risks to achieving the organization's objectives. In addition, now that the organization's security and that of its donors has been compromised, so too is its reputation.

Topics: Financial Institutions, Cybersecurity Threat

IT Risks and Cybersecurity for Not-for-Profits

Posted by Jonny Rosch, CPA on Jun 28, 2016 9:00:00 AM

Each year during tax season, there always seems to be a new data breach or phishing scheme that reminds us how important cybersecurity is to all of us and our Organizations. It’s important to understand the risks associated with these data breaches and some best practices to protect your Organization from further damage.

Regardless of the focus of your not-for-profit, technology is now a part of everyday life and business. And if you collect donations as most not-for-profits do, you probably are collecting and storing, in some capacity, sensitive information that hackers may find very valuable in an attack (such as names, addresses, credit card information, etc.). 

Topics: Financial Institutions, Cybersecurity Threat

2016 Cybersecurity Threat Report

Posted by Harvey Johnson, CPA, CGMA on Jun 21, 2016 1:28:16 PM

Listen to any IT expert when he or she is talking about a cyber-attack and the typical response will be: it’s not a matter of “if”, but “when”.

Symantec, a global internet security company, just released its 2016 Internet Security Threat Report, and the attack trends continue to back up the above statement.  Here are some key areas noted in the Report:

Topics: Financial Institutions, Cybersecurity Threat

2016 – Trends to Watch for in Cybersecurity

Posted by Zach Rosenoff on May 23, 2016 10:00:00 AM

BankInfoSecurity's webinar last week titled "State of the Hack" had telling insights into the world of cybersecurity and how the industry is forecasted to change in the coming year.

Protected Identifiable Information

Over the last year, hackers have shifted their focus away from credit card data and toward obtaining personal identifiable information (PII). While major retail hacks dropped over the course of 2015, PII became more vulnerable in large organizations such as the FBI, Trump Hotels, and T-Mobile. That brings about the biggest concern for 2016: protecting PII.

But what is Personal Identifiable Information? PII is classified as any information that is personal in nature, such as a Social Security number, date of birth, previous employers and addresses, or driver's license number. This information generally does not change or is extremely difficult to change and, as a result, is valuable in the hands of those with malicious intent. With the large numbers of credit and debit cards stolen every year, banks have responded with EMV technology that makes them more difficult to copy. The same cannot be said for PII.

Topics: Financial Institutions, Cybersecurity Threat

New Malware Could Be Stealing Your Money Right Now

Posted by Harvey Johnson, CPA, CGMA on Apr 29, 2016 9:17:00 AM

No joke, the headline for this article is factual, correct and happening right now. Experts in the malware field have identified a new hybrid malware known as GozNym which is attacking American and Canadian bank accounts. Spawned from the coding and traits of two previous problem packages, Nymaim and Gozi, this latest virus creation has already been used to steal $4 million. 

Topics: Financial Institutions, Cybersecurity Threat

Rules of Engagement: Dealing With External Auditors

Posted by Lawrence W. Schwartz on Sep 29, 2015 9:14:00 AM

Banks’ financial statements tell their performance story to the outside world. Because the banks’ independent external auditor’s reports provide assurance about the quality of the information in the financial statements, the audit committee’s relationship with the bank’s external, independent auditor is very important. The auditor/audit committee relationship is key to the committee’s ability to monitor financial reporting risk, to oversee management of regulatory compliance risk, and to perform the committee’s other oversight and monitoring functions. Your audit committee’s management of this relationship is critical to the discharge of your obligations under most committee charters.

Topics: Financial Institutions