Adrian JohnsonTLDR:
- Accounting firms are increasingly targeted with cyberattacks, making cybersecurity essential for every professional.
- The new remote work world has unlocked many possibilities, but also many risks, as cybercriminals go where the data is.
- A three-prong defense is recommended to battle evolving threats, including education, leveraging IT systems and software, and investing in insurance as a safety net.
- In January, top cybersecurity stories included Armanino releasing Audit Ally, the IRS warning of tax scams, and an ex-IRS contractor who leaked tax data being sentenced to prison.
- AI is used in threat detection for various purposes, including detecting attacks with known signatures and analyzing complex systems.
Cybersecurity for CPAs: Don’t get complacent
As accounting firms are increasingly targeted with cyberattacks, cybersecurity has become essential for every professional. Between data breaches, phishing attacks, and malware, criminals are going after the sensitive financial data held by accountants. Modern accountants must take their cyber defenses seriously for the sake of themselves and their clients.
This month’s look at the cybersecurity frontlines demonstrates how the new remote work world has unlocked many possibilities, but also many risks. When the pandemic first hit, accounting firms were forced to adjust to remote work in order to survive. This led to increased risk due to the large amount of sensitive information they held, which people were now working with in their home office environments. Since cybercriminals go where the data is, measures were needed to protect staff from attacks, especially phishing attempts.
A three-prong defense was created to battle the ever-evolving threats and balance a hybrid work environment. This defense is anchored by stressing education to all employees. The importance of cybersecurity at home was emphasized, but the firm did not want people getting complacent at the office. Education and awareness campaigns continued, using multiple tools, videos, and resources as proactive ways to train employees on how to avoid falling prey to cyberattacks.
The firm also leveraged IT systems and software such as multifactor authentication and antivirus programs that include EDR as an extra step. The investment in insurance was made as a final safety net. Most of the time, third-party IT firms’ insurance covers the firm itself, not the financial loss of its clients resulting from an attack or incident, which underscored the importance of the firm getting its own coverage.
In January, top cybersecurity stories included Armanino releasing Audit Ally, a solution that automates parts of the SOC 2 examination process, the IRS warning of tax scams from cybercriminals posing as new clients, and an ex-IRS contractor who leaked tax data being sentenced to five years in prison.
AI is used in threat detection for various purposes, including detecting attacks with known signatures, analyzing complex systems like network infrastructures or software applications, and creating rules based on known patterns and indicators of cyber threats.
