December 6, 2021

Security

Amazon’s Giant Data Transfer Trucks Are an IT Auditor’s Worst Nightmare

Drowning in more stuff than you know what to do with? Simple fix. Pack up the crap you can’t bear to part with, rent a truck, and tuck it into a storage unit. Holiday decorations and dusty workout equipment, welcome to your new home. What about when you run out of digital storage space? Or, […]

IRS Was Just Kidding When It Said Cyber Criminals Tried to Access Tax Return Information for 225,000 Households

It was quite a few more than that, actually: The IRS reported in May that cyber crooks used stolen Social Security numbers and other data acquired elsewhere to try to gain unauthorized access to prior-year tax return information for about 225,000 U.S. households. That included about 114,000 successful attempts and 111,000 unsuccessful ones. On Monday, […]

(UPDATE) We’re Hoping EY Staff in NYC Went Home Before the Pro-Palestine Protest Started

The best part about this alert from the EY Security Director at 5 Times Square is that the protest was scheduled to start at 4:30 PM and the email went out at 3:21 PM. Hope you folks prepared in time! Everyone alright over there? Give us a holla and let us know you're OK. Update: […]

Starting Today, Prometric Will Pull Out the Metal Detector

Prometric is only one step away from TSA at this rate, next thing you’ll likely have to submit to backscatter body scanners. 95 year-old CPA exam candidates will have to remove their Depends, while younger candidates will have to accept getting groped by Prometric staff. Awesome, isn’t it? Aren’t you guys thrilled you chose the most trustworthy occupation on the planet besides Hollywood madam?

Thanks to the many (and I mean many) tipsters who sent us the following email which was sent out to all CPA exam candidates on Wednesday:

Prometric is committed to a strong, secure, testing environment for the CPA Examination and for all candidates visiting one of its test centers. Over the past few years, Prometric has made several significant investments to further strengthen security in its test centers, including a global roll-out of digital video recorders and enhancements to biometrics at the centers. This communication is to advise you that there is a new security enhancement being introduced into Prometric centers this week.

Starting July 1, Prometric Test Center Administrators (TCAs) will be using hand-held metal detector wands to scan all candidates in the Test Centers in the United States and Territories. All candidates will be scanned prior to each entry into the test room, including returns from breaks. Candidates will still be required to turn their pockets out, and the scan will be done immediately afterward. The purpose of the wand scan is to take an additional step in identifying any prohibited items that a candidate is attempting to take into the testing room.

Prometric’s Security Department conducted a pilot of this program in 2010 using the wands for a period of five months. Approximately 60,000 candidates were scanned during that time. Ultimately, the wand was found to be a strong deterrent and operationally effective. Based on the results of the pilot, Prometric has decided to move forward with this program and has deployed hand-held metal detectors to all U.S. Test Centers.

In addition to this message, information about wanding has been added to Prometric’s standard Test Center Regulations Form. This form is posted on Prometric’s website and is given to all candidates to read prior to check-in.

The scan will be done in full view of the TCA DVR camera so it will be recorded, and any candidate complaints or escalations can be properly investigated. All candidates will be required to submit to the scans. Any candidates refusing to be scanned will not be permitted to test. Please rest assured that the metal detectors do not affect pregnancies, pacemakers, or other medical equipment that’s connected to the body.

This small change will help to make our test even more secure, and further protect the integrity of our exams.

I wonder how much this has to do with the candidate in Illinois caught “cheating” (we still don’t know what exactly he or she was busted doing, be that using a crib sheet or actually trying to smuggle out exam content).

We checked the Test Center Regulations and still don’t see any mention of metal detectors (or bodyscanners).

IRS Database Security Could Use a Tuneup

Some of the 2,200 databases that the IRS uses to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches.

Nor has the IRS fully implemented its plans to complete vulnerability scans of its databases — although the IRS spent more than $1.1 million in software licenses and support costs for a database vulnerability scanning and compliance assessment tool, it did not fully implement it. TIGTA used database vulnerability assessment software to conduct remote scans of the primary databases for 13 applications supporting critical tax administration business processes. Its review found high and medium risk vulnerabilities, as classified by the scanning tool in each of the 13 databases. [TIGTA via TaxProf]

Do You Want Your CPA Filing Tax Returns From an iPad?

Technology is a beautiful thing. It makes our lives easier, including work. It gives us supremacy over our late-to-adopt friends and colleagues who are still stuck with clunky old company laptops. And apparently it makes it easier to lug around several devices than just sit at our desk with one. Somehow this is more convenient, but we’ll get to that in a minute.

Check out this revolutionary, wielding his iPad as a weapon in the war against April 15th 18th:

With the 2011 tax season in full swing, accountants and CPAs are searching for ways to save time and service geographically separated clients. A popular solution, QuickBooks hosting, allows for CPAs to securely access QuickBooks and client data remotely from any computer, phone or tablet with an internet connection. Recently, NovelASPect’s client, Scott Sanders, CPA, took QuickBooks hosting to the next level. Scott added his tax software to his QuickBooks hosting account on a NovelASPect virtual server. Using the Citrix receiver, Scott can now access his tax software from anywhere with his iPad. He then paired his iPad with his iPhone via Bluetooth to use the iPhone as a mouse for the iPad.

“Accessing my tax software and QuickBooks via my iPad has been a tremendous time saver,” says Scott Sanders. “Clients can review and sign their tax documents at their location. I can then efile the return with the government and email a copy of the tax return immediately to the client. I also have access to client financial information in Quickbooks anytime / anywhere.”

Quick question: can’t a laptop do the same exact thing?

Remember last June when 114,000 iPad user accounts were exposed by rogue Internet security group Goatse Security? Not to mention the fact that the iPad is not only a target of hacktivists looking to prove a point but also thieves who would love to get their hands on that overpriced toy you insist on playing with on the subway.

Here’s the issue I see with on-the-run tax preparers MacGyvering their iPads to shoot the data off to the client and then to the government from just about anywhere: WiFi is not always secure. We assume Scott Sanders knows a thing or two about protecting sensitive data if he’s knowledgeable enough to figure out how to use his iPhone as a mouse for his iPad (and what’s wrong with using a laptop and a, oh I don’t know, mouse?) but I would not want my tax preparer sending me my 1040 to sign; he can barely wash his grungy white dress shirt separate from his red socks.

I’m all for convenience but there’s a point when the work required to make it safe for all involved parties becomes inconvenient.