How Accountants Can Take a Bite Out of Cybercrime
Accounting firms and CPAs sit at a valuable intersection between defending against cyberattacks and maintaining the type of client information that places them at greater risk of exposure to ruinous cyberattacks.
This intersection gives accountants a prime opportunity to take both offensive and defensive postures against cybercrime.
On the defensive side, accounting firms need to remain aware of the most common modalities of cyberattacks in their industry. Although some hackers might try sophisticated attacks, a majority of hackers continue to use old-school email phishing and malware attacks.
They will send an email to an accounting firm employee that appears to be from a legitimate source, directing the employee to click on a link for more information.
That link then inserts malware into the accounting firm’s systems. The malware can then record keystrokes to give hackers even deeper access into a system, or launch a ransomware attack that freezes the systems until the firm pays a ransom to an anonymous payee.
Accounting firms can protect themselves from these types of attacks with the same strategies that are used by companies in other industries.
The first strategy is employee education that includes strict instructions not to click on email attachments, particularly if the email is from an unknown source. Because client documents often include confidential financial information, firms and their clients should exchange those documents only through encrypted portals that are specific to that purpose.
Email encryption and strong passwords that are changed frequently will also improve the security of an accounting firm’s networks.
Accounting firms are in a better position than companies in many other industries to implement offensive strategies against cyberattackers, not just for themselves, but also for their clients.
In their roles as auditors, CPAs have an objective perspective on how their clients use information technology and how that technology affects the client’s financial reporting.
The Association for Chartered Certified Accountants (ACCA) is actively encouraging its members to expand their auditing role with cybersecurity services.
Accountants also understand the risks of making material misstatements on their publicly traded clients’ financial reports. The close scrutiny that accountants place on clients during an audit can reveal hidden discrepancies that might be evidence of a previously undetected cyberattack.
Many accounting firms have used their auditing experience to expand their own service offerings with dedicated cybersecurity consulting teams.
Those consulting services go beyond advising on how to prevent cyberattacks. When a client has experienced a cyberattack, for example, accountants can quickly help the victim assess the extent of the damage and determine whether and to what extent a response is needed.
A cyberattack may or may not expose the personal or financial information of a company’s clients. Accountants can assess the risks of that exposure and advise their clients on how to notify affected parties in order to reduce regulatory oversight and fines that may be levied on account of the client’s loss of third-party data.
No accounting firm will have the credibility to provide cybersecurity services unless it has first improved the defenses around its own internal systems and networks and adopted a strategy to respond to a cyberattack if and when it happens.
Cybersecurity insurance from a CPA insurance company is a critical element in that strategy. Clients of accounting firms that carry this insurance will have greater assurances that their financial information is protected.
If a cyberattacker does breach the accounting firm’s cyber defenses, the firm’s clients will have a source of insurance compensation for any financial losses they might experience if their financial information is used for improper purposes.
With the growth in cybercrime and cyberattacks on businesses, accounting firm cybersecurity insurance will be as important as errors and omissions and general liability coverage for every accounting firm.