new-flash.png

Cybersecurity for Accountants & CPA's

The Problem Facing All Accountants and CPA's Today

Data breaches are an everyday event, and CPA firms have a specific obligation to protect themselves and their clients from exposure to these threats.

Some tax preparers may not be aware that all tax professionals with preparer tax identification numbers (PTINs) are required to affirm that their organization has a "written security plan in place" to protect their clients' data. This was mandated by the IRS and was also the focus of its Security Summit partners, which created checklists to assist in protecting data in response to escalating cybercrime against tax practitioners. For example, since 2014, reported data breaches of CPA firms have increased by over 80%, and, since 2018, the portion of breaches that include ransomware or extortion has risen to over 40%. An examination of Maryland data from January 2014 to February 2018 reveals much about public accounting firm data breaches. During this period, 132 accounting firm breaches in which approximately 90% of the firms involved are smaller than the largest 300 accounting firms by revenue.

https://www.journalofaccountancy.com/issues/2019/jun/accounting-firm-data-breaches.html

In 2017, the US Government issued Executive Order 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. With the dramatic increase in cyberattacks and breaches, many businesses are forced to review how they can reduce enterprise risk. To help them do this, the National Institute of Standards and Technology (NIST) developed The Framework for Improving Critical Infrastructure Cybersecurity.

The NIST framework includes five functions: identify, protect, detect, respond, and recover:

Hackers may insert themselves into an email conversation related to a wire transfer, then redirect the funds to accounts they control. This is a growing type of attack. This is real and happening every day. Traditional security measures – build big walls to keep out the bad guys – don’t work anymore. Now, firms must leverage good industry standard frameworks, regulatory requirements and tactical responses to guard against common threats.

This is not an IT issue. This is a risk management issue about how you protect your data. The breach means “material client confidential information is misappropriated, destroyed or otherwise compromised.

The bottom line is that all firms – big and small – need to be careful with data to protect themselves and clients. Practice good cyber hygiene and make sure your providers and vendors follow suit. You can never outsource accountability. This includes ongoing employee awareness training and testing, patching, conducting regular vulnerability risk assessments, implementing and monitoring a disaster recovery plan.

Cyberlitica is in the business of cyber risk management. We prevent companies’ digital information and intellectual property being held hostage by cyber criminals.

References

​Cyber Security is an urgent need for CPA firms - https://www.thetaxadviser.com/issues/2020/apr/cybersecurity-urgent-priority-cpa-firms.html

AICPA Checklist https://www.aicpa.org/content/dam/aicpa/interestareas/privatecompaniespracticesection/qualityservicesdelivery/informationtechnology/downloadabledocuments/top-22-cyber-checklist.pdf

NIST https://www.aicpa.org/content/dam/aicpa/interestareas/businessindustryandgovernment/newsandpublications/downloadabledocuments/cyber-may2018.pdf

IRS - https://www.irs.gov/pub/irs-pdf/p4557.pdf and https://www.irs.gov/pub/irs-pdf/p5293.pdf

The Solution-Cybersecurity Kit for Accountants

24x7x365 Dark Web Monitoring & Notification

Instant notifications via email or text message within seconds of a data breach. Includes monitoring your work and personal email.

Dark Web  Risk & Audit Report

Are your employees already on the Dark Web? We will tell you with our detailed Audit Report with a complete history going back seven years to see what breaches they were involved in so you can take appropriate action now.

Dark Web Password Search Engine

Are your passwords for sale on the Dark Web? We can tell you with our powerful password search engine.

Rogue Domain Intelligence Services

Are you being spoofed by copycat domains? We can tell you instantly with our domain intelligence services.

Password Organizer

Too many passwords? Don’t remember your password? Our organizer will make your digital life easier.

Strong Password Analyzer

How do you stay safe on the Internet? The answer is with a very strong password. Our Strong Password Analyzer will help you get it right and keep you safe.

Phish Your Employees

91% of cyber-attacks start with someone clicking on a phishing email. Find out who in your organization is putting you at risk.

Branded Cybersecurity Video Training Portal

Comprehensive video library that includes everything you need to know about how to keep your employees stay safe in cyberspace.

How to Write an Information Security Policy

With our "how-to guide", we can guide you in writing an Information Security Policy to ensure that all users of your networks are within the organization's security policies.

Scott Schober’s “Cybersecurity is Everyone's Business” Book

"Cybersecurity is Everybody’s Business cuts through the  scare tactics and hype to deliver the most imperative guidance for securing small businesses and everyone else" -  Frank Abagnale, Security Consultant and inspiration for the film Catch Me If You Can

Cybersecurity News Flash Service

Find out immediately about the latest breaches that could affect you and your company.

Comprehensive Reporting

Detailed reports delivered to you when you need them.

Complete Cyber Surival Kit Only $195.00 Per Month

Up to 100 Employees