Cybersecurity for CPAs: Don't get complacent

remote-meeting-woman.jpg
fizkes - stock.adobe.com

As accounting firms are increasingly targeted with cyberattacks, cybersecurity has become essential for every professional. Between data breaches, phishing attacks and malware, criminals are going after the sensitive financial data held by accountants. Modern accountants must take their cyber defenses seriously for the sake of themselves and their clients.

With this in mind, we present the latest edition of our monthly series, Cybersecurity for CPAs. This regular feature will bring you the best cybersecurity stories from Accounting Today, as well as lessons drawn from real-life cybersecurity incidents, plus stats and charts to help you better understand the current landscape. It's our hope that readers will be able to use the news and insights offered in this feature to make their own firms safer in an increasingly dangerous world.

Don't get complacent

remote-meeting-woman.jpg
fizkes - stock.adobe.com
This month's look at the cybersecurity frontlines demonstrates how the new remote work world has unlocked many possibilities, but also many risks. 

When the pandemic first hit, accounting firms — like many other businesses — were forced to adjust to remote work in order to survive. This led to many firms seeing increased risk due to the large amount of sensitive information they held, which people were now working with in their home office environments. Since cybercriminals go where the data is, measures were needed to protect staff from attacks, especially phishing attempts. 

With a hybrid work environment still alive and well post-pandemic, this accounting firm still believes in proactive measures in its fight against cybersecurity risks. To battle the ever-evolving threats that are present and balance a hybrid work environment, a three-prong defense was created. This defense is anchored by stressing education to all employees. 

Like a lot of other firms, many employees have returned to the office at one Chicago-based tax and accounting solutions firm. Although a lot of work is now being done in one location, this does not mean risk has been eliminated, given the myriad personal devices still in employees' home offices. While the firm has stressed the importance of cybersecurity at home, it did not want people getting complacent at the office.

Education and awareness campaigns that began with the lockdowns continued, using multiple tools, videos and resources as proactive ways to train employees on how to avoid falling prey to cyberattacks. Meanwhile, the firm also leveraged IT systems and software such as multifactor authentication and antivirus programs that include EDR as an extra step. Then, if the worst happened and even those measures failed, the firm invested in insurance as a final safety net. Most of the time, third-party IT firms' insurance covers the firm itself, not the financial loss of its clients resulting from an attack or incident, which underscored the importance of the firm getting its own coverage. 

This story of preparation and proactive thinking comes from digital-first  professional liability insurance provider Embroker, which sees a need for continuing educational efforts. Cybercriminals and risk are constantly evolving, so cybersecurity strategies need to transform with them.

Top Cybersecurity Stories for January

Armanino releases Audit Ally, a SOC 2 examination tool: Top 25 firm Armanino released Audit Ally, a solution that automates many parts of the SOC 2 examination process.

IRS warns of tax scams from cybercriminals posing as new clients: The Internal Revenue Service is cautioning tax professionals to beware of an uptick it's already starting to see this year in cybercriminals pretending to be new tax clients as a way to scam tax pros.

Ex-IRS contractor who leaked Trump, Griffin tax data gets five years in prison: A former Internal Revenue Service contractor who stole and leaked the tax returns of former President Donald Trump, Ken Griffin, Elon Musk and other billionaires was sentenced to five years in prison. 

Cybersecurity Stat Shot

How is AI used in threat detection? (more than one response permitted)

49%: Detecting attacks with known signatures;
58%: Considering the dynamic and interconnected nature of the security environment;
68%: Analyzing complex systems like network infrastructures or software applications;
67%: Creating rules based on known patterns and indicators of cyber threats.

Source - MixMode
MORE FROM ACCOUNTING TODAY