CPAs and Cybersecurity
Cybercriminals are always hunting for identity theft victims. It is becoming increasingly important for you to take proactive measures to protect your clients’ personal and financial information. It doesn’t matter if you work by yourself or for a large accounting firm—digital security risks are a growing concern for everyone in the accounting profession. Those who don’t address these concerns are putting themselves and their businesses at serious professional liability risk.
Top Cybersecurity Risks for CPAs
While the advanced abilities of modern cybercriminals may seem obvious, too many businesses do not grasp how frequent and how severe the threat really is. One study estimates that 97% of companies have already experienced a breach of some sort, meaning at least one hacker has bypassed every layer of their security. The cybersecurity threat is real, and ignorance offers no protection.
Passwords are the most basic defense against unwanted digital access. How secure are your passwords? Are you using them to their fullest potential? For most corporations, poor passwords are a major security risk. About 76% of corporate network breaches are directly related to lost or stolen credentials, such as easily guessed passwords. Change your password immediately if it is “123456,” “password,” or something equally unsafe. Follow best practices for strong passwords: use a long string that mixes several types of characters.
Internal threats usually come from individuals who misuse the information access they have been given. No matter how careful your firm is, you may have an unscrupulous employee on your hands. Service vendors, too, may find themselves in a building where sensitive information is on display. Restrict access to information to employees on a need-to-know basis.
The Cloud and Other Technological Vulnerabilities
Unless you have IT experience, finding all the technological vulnerabilities in your software and hardware is nearly impossible. Every application and operating system on your computer, phone, or tablet can have a vulnerability, and it only takes a hacker one moment to exploit it once it has been found. When you use cloud-based storage, you add another layer of vulnerability. Work with an IT professional and be sure to review your cloud-based service providers often.
Phishing, Malware, and Hacking
Phishing and malware are malicious attempts to reach sensitive data. Phishing is the practice of sending an email that entices the reader to open an attachment or enter personal data, which opens the computer to compromise. Malware is malicious software installed without the user’s knowledge for the purpose of compromising the computer or otherwise disrupting its function. Both are a risk for the modern CPA. A single careless click on a seemingly innocent email is all it takes to infect a computer or release sensitive information.
Of course, you also face the risk of being hacked directly. The CPA Journal reports that 54% of hacking attempts in 2013 came from the United States, and that hacker activity rises at a rate of 25% every quarter. Unlike the malware infections that follow phishing, a skilled hacker works hard to leave no trace of the breach. You may not find out you have been hacked until it is far too late.
Compliance Risks and Data Threats
As a data collector and custodian, a CPA has a legal responsibility to remain compliant with government regulations. Over time, the data stored in order to remain compliant becomes a threat in and of itself. If that data is not stored properly, or cannot be produced in the event of an audit, your firm could face a wide range of legal risks.
How to Defend Against Cybersecurity Threats
Work with an IT Professional
Work with an IT professional to ensure you have proper security protocols in place. Review any cloud-based service providers to confirm they have sound security measures as well. Perform a security risk assessment to stop potential problems before they can grow.
Understand and Protect the Flow of Confidential Data
Make sure you understand the flow of confidential data in your firm and enforce proper security procedures. Review access controls to ensure only those who should see data have access to it. Train, vet, and monitor your employees, and carefully screen any service providers or vendors who come to your facility. Make sure customers are not able to see the data of others when they visit your facility.
Create an Information Security Plan
Have a written information security plan that includes a schedule for the timely purging of data sets. Train your employees to adhere to these rules. Review the plan periodically with leadership staff as well as employees.
Reduce Your Risk with Professional Liability Insurance
Protect yourself with proper insurance. All of these risk reduction strategies are important, but the most important way to protect yourself and your business is professional liability insurance. Purchase a policy that properly addresses all potential cybersecurity exposures.
Protect Your Firm from Cybersecurity Threats
For CPAs, protecting data can quickly become a full-time job. It is your ethical and legal responsibility to do everything in your power to protect your clients and their personal data. Beyond that, you need to protect yourself—cybersecurity risks are very real in this modern world. By following these strategies and obtaining appropriate liability coverage, you can fight cybersecurity threats head on.