Tag Archives: Langdon & Company

Two NC Budgets Passed!

by Rachel Owens

It’s the beginning of summer in NC.  That means that the two chambers of our General Assembly are hard at work trying to agree on a state-wide budget.

The House of Representatives passed the Health and Human Services budget a few weeks ago.  The Senate just passed theirs.  As always, there are similarities and differences in each department, each of which has “hot topics” that are addressed.  Thanks to NC Health News for a comparison chart to show the differences between the two.

If you have additional questions about the budget decisions and how they affect your organization, contact our office.  We’ll be happy to give you some insight on what these choices mean for you.

Rachel (rowens@langdoncpa.com) is a Senior in the Cost Report department at Langdon & Company LLP.  She works with various healthcare companies, several of them from the audit all the way through their state reporting compliance.

3 Ways to Protect Yourself and Organization Against Cyber Threats

by Meagan Bulloch

In light of recent data breaches at major retailers in the US, the public has been reminded just how vulnerable both their personal and their organization’s data are to cyber-attacks.  This has left many companies scrambling to make sure the data they are entrusted with does not become the target of another round of headlines and lawsuits.

While you are never 100% protected from hackers, here are three ways you can reduce your risk of falling victim to a cyber-attack:

  1. Strong Complex Passwords – It seems this advice has been given year after year and almost seems trite; however, for many, passwords are the first level of defense against a cyber-attack.  As such, it is ever more critical that passwords be lengthy, complex and changed often.  According to the SANS Institute’s sample password policy, available at https://www.sans.org/security-resources/policies/general/pdf/password-protection-policy, a strong password is at least 15 characters in length.  For many, the deterrent to having a complex password or changing it often is the issue of remembering the complex password.  If this is a concern for you or your organization, you should consider implementing a password management tool such as RoboForm, Password Depot, or LastPass to assist in creating, storing and recalling passwords.
  2. Alternative Authentication Measures – If you have already tackled your passwords, what else can you do?  As an additional layer of protection, many are considering the use of alternative authentication measures such as fingerprint readers and key fobs.  Basic fingerprint readers can be purchased for only $35 in today’s market.  Using such devices can eliminate the need for a password to log in to a computer.  If the objective is to protect extremely sensitive data, then the use of multifactor authentication may be the best option.  This would involve an employee using both a password and something held in their possession, such as a code generated by a key fob, to log into a computer, application or website.  By requiring two forms of authentication you can greatly reduce the access a hacker could have to your system.
  3. Develop a formal policy for “BYOD.”  The practice often referred to today as “bring your own device” has created a new level of vulnerability for organizations.  In today’s environment it can be very beneficial for employees to be connected to an organization’s email and other network data through a mobile device.  The issue comes when this access is obtained informally by employees and not managed by the organization.  Often the organization has no way of knowing which devices are attached to its network and therefore cannot take the necessary security measures to protect sensitive organizational data.  To protect your organization, it is imperative to develop a formal BYOD policy that addresses security issues before an employee can connect their personal device to your network.  If devices have already been connected, you should implement a BYOD policy retroactively.  Regardless, each employee should agree to the policy and indicate so through a signature before they can access the organization’s network.  The BYOD policy should at a minimum include the following: the fact that the organization owns the data the employees will access, the procedure for erasing the organization’s data from the device in the event the employee leaves the organization, which types of websites and applications can be accessed, security measures the end user must implement as a condition of accessing the organization’s network, and the process for notifying appropriate organizational personnel in the event a device is lost or stolen.  See sample policy template at http://www.itmanagerdaily.com/byod-policy-template/.

While each of these tools is important independently, a layered approach is truly the best defense against a cyber-attack for you or your organization.

Meagan Bulloch (mbulloch@langdoncpa.com) is an audit manager at Langdon & Company LLP focused primarily on non-profit clients.