Cybersecurity for CPAs: Don't leave the door open

As accounting firms are increasingly targeted with cyberattacks, cybersecurity has become essential for every professional. Between data breaches, phishing attacks and malware, criminals are going after the sensitive financial data held by accountants. Modern accountants, then, must take their cyber defenses seriously for the sake of themselves and their clients.

With this in mind, we present the latest edition of our monthly series, Cybersecurity for CPAs. This regular feature will bring you the best cybersecurity stories from Accounting Today, as well as lessons drawn from real-life cybersecurity incidents, plus stats and charts to help you better understand the current landscape. It's our hope that readers will be able to use the news and insights offered in this feature to make their own firms safer in an increasingly dangerous world.


Don't leave the door open

What good is a door you don't close? What's the point of going through all the trouble of having a secure space if someone can just walk right in? This month's Cybersecurity for CPAs involves a company that, effectively, left the door open. 

The company needed to make some changes to the system that involved taking down its security firewalls for a little while. There's a wide variety of reasons why a company might do this: software patching or updates, configuration changes, hardware upgrades, data migrations and more. Regardless of the reason, though, the result was that the thing meant to keep the company's systems safe from the wider Internet was taken down so the tech workers could do their jobs. Unfortunately, once they were done, they neglected to put the firewalls back up again. The company was exposed and had no idea about its vulnerable position. It was only a matter of time before Russian cybercriminals swept into the network and pilfered sensitive information like Social Security numbers and birth dates, the ingredients for identity theft. As is their wont, the attackers demanded the company pay a ransom for the data. This was bad enough, but making it worse was that the company didn't have enough money to fully pay the ransom, and it didn't have insurance coverage to help compensate.

The company, so far, has spent at least $100,000 to try and recover at least some of the data and blunt the negative impact of the attack, but it's been too little too late. The company's ability to survive is currently in question because customers didn't really trust it with their information. 

This real-life tale was brought to you by accounting-focused cloud services provider Rightworks, which offers cybersecurity solutions among its many service and product offerings. The story underscores the importance of remembering that neglecting even the most basic of cybersecurity tasks, like putting the firewall back up, can have outsized consequences. Firms and their clients (like the one detailed above) need to make sure they follow every step to secure their own data and that of their clients. This can be done through training as well as through solutions that offer enterprise-level data protection.

Top Cybersecurity Stories for November

IRS criminal investigators team up with other countries to tackle cybercrime - Officials from the Internal Revenue Service's Criminal Investigation division met with tax officials from four other countries this week in an annual "cyber challenge" as they explored ways to cooperate across borders on uncovering tax evasion and money laundering schemes using cryptocurrency and other digital technology.

Only 10% of S&P 500 companies reported any cybersecurity incidents in annual reports - Only a small minority of S&P 500 companies have disclosed any cybersecurity incidents in their last three annual reports, according to recent data.

Cybersecurity: Securing your accounting firm's perimeter - How safe is your client data? This is a question accounting firms of all sizes must consider as data breaches remain a real concern, and new and emerging threats take security worries to new heights. Accounting firms are the gatekeepers to a treasure trove of sensitive client data, which makes them a highly attractive target for hackers.

Cybersecurity Stat Shot

Total cost of a full day without the Internet: $43 billion

US share: $11 billion
China share: $10 billion
UK share: $3 billion
Japan share: $2.7 billion
Germany share: $1.5 billion 

Source: AtlasVPN
