Dealing with a Cyber Incident

Moments That Matter

CPA firms are prime targets for cyber criminals. Your firm may have access to client funds, and to serve your clients you may access and maintain a lot of sensitive material such as Social Security Numbers and banking information. Big or small, a firm of any size is vulnerable to an attack.

Major points of vulnerability for CPA firms include the constant use of cell phones and the use of remote access. First, cell phones can be vulnerable to malware when not configured properly; they are also easily lost, misplaced, or stolen, leaving unencrypted data easily accessible. Second, remote access to internal systems from mobile devices or unsecured networks is a prime spot that hackers exploit to steal private information. Third, hackers target CPAs with ransomware, expecting them to pay quickly to release information needed to file on time.

Things to Consider

To protect against these threats, we recommend:

  • Conducting regular security awareness training

  • Encrypting all laptops, desktops, mobile devices, and external storage devices

  • Having your employees use multi-factor authentication for remote login

  • Establishing robust cloud/vendor management quality controls

  • Extending internal security controls to embedded devices like internet-connected web cameras, HVAC, and door badge access systems, including Nest and Ring

  • Documenting and testing incident response plans

  • Establishing a formal data retention policy, including secure deletion of data

  • Ensuring physical security of hardware

  • Conducting annual penetration tests, and remediating identified issues

Key takeaways

The easiest way to safeguard your firm and your clients is to have robust, comprehensive prevention and detection protocols in place to identify and thwart, or quickly recover from, a potential cyber-attack. Test protocols regularly and hold colleagues accountable for understanding and upholding them.

In this industry, lost or stolen data directly correlates to lost revenue for your firm. It may even hurt your reputation and standing with clients, damage that can take a long time to recover from. You may also be hit with hefty fines, as well as additional regulatory actions at the state or federal level.

Unfortunately, when it comes to cyber-attacks, it is probably not a matter of if but when. Cybercrime is constantly evolving. Malware and phishing attempts are constantly changing to outsmart the latest security, which is why it is so important for your firm to stay abreast of what kinds of threats are out there and how to stay ahead of them.

Planning for the next step

There is much more to explore on this topic, so we have gathered a handful of resources that will help you understand what hacking is and how it happens, as well as some materials to help you stay on top of and manage your data security risk to keep your firm and your clients safe.

Resources that might help you