Posts

5 Important Cybersecurity Tips

As your team of trusted advisors, one of our main objectives is to provide you with the knowledge and resources to help you achieve your goals. In today’s digital world, we understand that you are susceptible to cybercrime and identity theft daily.

We have compiled a few cybersecurity tips to help protect you against these threats:
  1. Understand that you are a target. It is a mistake to assume that you will not be targeted by a hacker or cyber-criminal. If you let your guard down, you put your personal and financial well-being at risk.
  2. Update your devices and their software. It is important to keep your computer and any additional internet-connected devices such as your smart phone or tablet updated. These updates are sent out because vulnerabilities have been found.
  3. Keep your passwords strong and do not reuse them across multiple sites. Ensure that the passwords you are using are unique and would not be easily identified.
  4. Think before you click (or open). Be careful when clicking links or opening attachments within an email. If something seems suspicious, it probably is. In order to check, hover your cursor over a link before clicking. When doing this, you are able to preview the link allows to ensure you will be directed to a safe site.
  5. Physically protect your devices. Take every precaution to prevent your computer from being used or stolen by unauthorized individuals. Laptops are easy targets for theft so it is important to store them in a secure and locked location when not in use.

As your team of trusted advisors, we want to encourage you to take the necessary steps to protect you and your business against cybercrime. To begin protecting yourself, be proactive and have a complete understanding of the cybersecurity tips in this post.

LBA Haynes Strand aims to alert the public on any scam or fraudulent attempt to steal identities or gain access to important financial information. To automatically receive updates like these, subscribe to our newsletter.

Fake Accounting Invoices Used to Steal Credentials

A recently resurfaced banking Trojan is now being used in a malware/phishing campaign targeting users of accounting services provider Xero. Similar attacks have also been used against users of Intuit and QuickBooks. The goal of these attacks is to gather login details for banking and financial accounts. Here’s how it works, what it looks like, and what do if you get this message:

How it works:

The attack sends a spoofed email message that appears to come from Xero/Intuit/QuickBooks regarding an invoice and attempts to get the recipient to click a link to download the invoice. This link will download a ZIP file which contains another file that appears to be the invoice itself but is actually a malicious JavaScript (.js) file which installs the malware.

What to do:

  • Before clicking any link in an email, hover your mouse over that link and observe where it will take you. Either a pop-up will appear next to the link, or look at the bottom of your email program to see the actual link address. If you don’t recognize the link or it’s slightly altered (for example, intuito.biz instead of intuit.com) from the official site: Don’t click on it!
  • Be cautious around ZIP files, often they are used by malware to disguise contents.
  • If you have already clicked on or opened something suspicious that doesn’t show or do what you expect: run extra malware scans – in addition to your regular anti-virus software, contact your trusted IT advisors to see if further checks are necessary, and take precautions to change your account passwords especially for financial institutions – from another computer!

Tips To Proactively Avoid Fraud and Embezzlement in a HOA

Fraud and embezzlement are words that can really cause an Association a lot of wasted time, money and energy.  So how can the Board of Directors get out in front of any potential fraud or embezzlement?  This is really simple and easy, but is almost always overlooked.  The Board needs to understand their role in fraud prevention and the top two components to fraud: motivation and opportunity.  In almost all cases, it will take both of these factors for fraud to occur.  Motivation is a factor completely outside of the Board’s control, but that cannot be said about the opportunity factor.

To reduce or eliminate the opportunity factor, establishing simple monitoring tasks by the Board are critical, extremely simple and highly effective.  First, review and control those key individuals that have banking authority.  When there are transitions on the board or with a management company then the individuals with banking authority need to be reviewed immediately and updated. Ensure this is reviewed and monitored by the Board Treasurer and then approved by the entire board. Next, establish an approved vendor list.  Payments made to vendors that don’t exist or consultants with no credentials are very common with Associations.  The Board should periodically review the disbursements ledger (check register) and look for payments to vendors that are not on the approved vendor list.

In addition, there are a number of control measures the board should do on a regular basis to reduce the risk of fraud or embezzlement.  These can include the following:

  • Review and approve the bank statements and bank reconciliations. Establish a due date to ensure the bank reconciliations are completed timely and reviewed timely.  Typically 15 days from the close of the previous month is a best practice.
  • Review actual results versus budgeted amounts and inquire of all variances.  Avoid only focusing on variances where the actual amounts exceed the approved budgeted amounts.  Variances significantly below approved budgeted amounts can be a myriad of issues.  Remember, the devil is the details. 
  • Discuss with your management company the safeguards they have over cash receipts.  The board should have a very good understanding of how much cash is received and what activities are leading to the generation of members paying in cash. 
  • Make sure your management company is utilizing a lockbox system for assessment collections.  Encourage all of your members to pay directly to the lockbox.  This will cut down on cash receipts. 
  • Review, review, review and review the monthly financial package.  This information is key and the boards timely review is critical to the identification of any potential issues that could be caused by fraud or embezzlement.  Make sure the financial package is completed timely as well.  Establish a due date with your management company.  This should be a date that is reasonable and agreed upon.

These steps, or suggestions, tailored to fit your association can help reduce or even possibly eliminate the opportunity for fraud and/embezzlement.  Fraud will happen at the most unexpected time, make sure your Board is taking the necessary precautions to protect the financial health and stability of your Association.  To learn more click the button below to speak with a Certified Public Accountant at LBA Haynes Strand.