Cyber Threats Reviewed by Momizat on . Understand the Cyber Security Threat Landscape and Threats to the Accounting Industry Do you feel like your firm’s data is safe? Do you feel like your client’s Understand the Cyber Security Threat Landscape and Threats to the Accounting Industry Do you feel like your firm’s data is safe? Do you feel like your client’s Rating: 0
You Are Here: Home » Practice Management » Cyber Threats

Cyber Threats

Understand the Cyber Security Threat Landscape and Threats to the Accounting Industry

Do you feel like your firm’s data is safe? Do you feel like your client’s sensitive information is secure? Do you sleep each night feeling secure that you will not be hit by a data breach? If you answered yes to all three of those questions, it is time to wake up to the real risks you are faced with. You need to make sure to read the rest of this article and understand the real cyber threats you are faced with every single day when it comes to the data at your firm. Not only are these threats real to firms of all sizes but the costs of data breaches in the United States is growing.

Do you feel like your firm’s data is safe? Do you feel like your client’s sensitive information is secure? Do you sleep each night feeling secure that you will not be hit by a data breach? If you answered yes to all three of those questions, it is time to wake up to the real risks you are faced with. You need to make sure to read the rest of this article and understand the real cyber threats you are faced with every single day when it comes to the data at your firm. Not only are these threats real to firms of all sizes but the costs of data breaches in the United States is growing. The average cost of data breaches in 2019 was eight million dollars, a number from which many firms may not be able to recover from. Before you are victim to a cyber hack, take a few minutes to understand the current cyber security threat landscape in the accounting industry, the levels of risks you are faced with, and some common steps you can take to reduce these threats.

Overall in the accounting industry, firms of all sizes and locations across the United States are prime targets for cyber security hackers. This is due to the large amount of personal identified information (PII) that firms have on their clients. Not only do they have large amounts of PII, they also have bank account details and the ability to file tax returns, making them a prime target for hackers. Speaking of hackers, hacking has gone from the stereotypical single person sitting in a dark basement to becoming a global corporate business. Hackers are now frequently part of large global enterprises with teams dedicated to different areas, from target selection to performing the actual hack, and then finally selling the data on the dark web.

A sign in 2019 that these hackers are going after the accounting industry was seen this spring, as both a large accounting vendor and a remote desktop hosting provider in the accounting vertical were both down for multiple days due to cyber security breach. While we will not know the exact details of either of those two breaches for several months, it serves as a reminder about just how real the threats from cyber-attacks are in 2019 and why you are not ready.

2019 is expected to see the highest rate of cyber breaches in history, both in terms of number of breaches, amount of data breached, and number of sensitive PII obtained. As a result of this increased level of cyber breaches, various states have come out with stringent data security and cyber breach laws, which you may not even be aware of. In some states, these rules extend not just from your computer data but to the physical files you keep in your office. This means that when we talk about these cyber threats we also need to think about the physical files in the office. An accountant may forget to put a draft copy of a client’s tax return in the secure shredding bin and instead just throw out the draft copy of the return. Depending on the state you reside in, that accountant may just have had a data breach that requires notification of the state attorney general, client, legal, and a forensic investigation. Given how involved the process can be for just one client record, it is no wonder that the costs of breaches are on the rise.

Several accounting firms around the country each year are hit with breaches that still involve hackers physically breaking into their offices and simply stealing files off desks and from unlocked cabinets. Any sensitive client information inside your office should always be kept in a locked room or file cabinet to ensure that you do not end up on the wrong side of your state’s attorney general after a data breach.

Given this, firms of all sizes need to take a hard look at their cyber security best practices and employee training to make sure they are not the next in a long line of statistics on this rising threat. When it comes to cyber threats, you may not be familiar with DDOS, phishing, SQL injection, brute-force, or man-in-the-middle, but they are just a few of the many ways hackers will try and breach the four walls of your firm.

When it comes to cyber hacks and breaches, the most important thing to remember is that most breaches that occur are not the result of a criminal mastermind hacking into your computer network like you may see in the movies or on TV, most breaches happen due to human error and behaviors. Hackers are like running water and always seek the path of least resistance. A hacker may be able to eventually hack into a firm with a strong 20-character password that changes each month, but it is much easier to hack into a firm whose admin password is “password”. Believe it or not, weak passwords that are set up by users are often the cause of hacks. Just Google the most commonly used passwords and if your password is on the list, you need to change it before you finish reading this article.

After weak passwords, the second most common aspect exploited is poor employee training about possible cyber threats. Once again, hackers are more likely to spend time cyber stalking your employees to find ways to trick them into allowing them into your systems than performing a complex hack. One common hacker trick is to find out where your employees shop through monitoring their social media activity and then dropping some USB drives in the firm parking lot with their favorite store logo on them. All they need is one employee to pick up the USB drive and plug it into their system for the hack to work. If you stop and think about that, what are the chances that none of your employees would pick up that USB drive sitting in the parking lot and plug it into their work computers?

Given that people are the weakest link and threats are rising, it is critical that your firm, regardless of size, conducts regular cyber security best practices and awareness training. Spend 30 minutes each month reviewing best practices, strong password policies, and physical file best practices, and take a positive step to reduce the possibility of a data breach at your firm. If the average cost of a data breach in the United States is eight million dollars, 30 minutes each month is well worth your time.

In addition to training, the step every firm needs to take is to obtain a cyber security insurance policy in addition to their professional liability policy. No matter your size, from a solo practitioner to a top 100 firm, every firm today should have a cyber policy to provide them additional protection against possible breaches. This includes all firms who do not use the cloud, if you have a computer, you need cyber insurance. Best of all, cyber security insurance policies are highly affordable and worth every penny you need to spend on your annual premium.

Do not continue to ignore risking cyber security threats faced by your firm every single day. Before July ends, take some proactive steps to protect your firm against the rising cyber security risks. You do not want to become another unfortunate cyber security statistic, and a talking point at the next industry conference sessions talking about cyber security with that real-world story about a firm who had a breach and went out of business. Train your people on cyber security best practices, encourage everyone to use a strong password, and obtain cyber security insurance to protect your firm so that you can sleep at night soundly knowing that your firm’s data and your client’s PII are all protected and secure.


Garrett Wagner, CPA, CITP, CEO and Founder of C3 Evolution Group, is an industry thought leader and on a mission to fuel the entrepreneurial spirit and passion within the industry. With his ability to break free from the traditional CPA box, he has embraced the entrepreneurial mindset and is on a mission to help others embrace the entrepreneurial skills and knowledge needed to evolve into entrepreneurial CPAs.

Mr. Wagner focuses on monitoring the evolving technologies and best practices in the industry to achieve the highest degree of success without being afraid to break free from traditional methods. His background includes working inside successful CPA firms, speaking at conferences and events, and consulting for CPA firms across the country helping them to ignite lasting change by understanding the unique needs of each firm’s organization.

Mr. Wagner can be contacted at (585) 385-1790 or by e-mail to garrettwagner@c3evolutiongroup.com.

The National Association of Certified Valuators and Analysts (NACVA) supports the users of business and intangible asset valuation services and financial forensic services, including damages determinations of all kinds and fraud detection and prevention, by training and certifying financial professionals in these disciplines.

Number of Entries : 2537

©2024 NACVA and the Consultants' Training Institute • Toll-Free (800) 677-2009 • 1218 East 7800 South, Suite 301, Sandy, UT 84094 USA

event themes - theme rewards

Scroll to top
G-MZGY5C5SX1
lw