Cybersecurity has become an essential skill for every accountant as accounting firms are increasingly targeted with cyberattacks. Criminals go after the financial data accountants hold through data breaches, phishing attacks, and malware. Taking cyber defenses seriously is in the interest of accountants as well as their clients.
By reading this feature, readers can learn how to make their own firms safer in an increasingly dangerous environment.
Cybersecurity Example 1
A distracted or drunk driver could rear-end you even if you are the best driver in the world. You could also have the best cybersecurity in the world and still be hacked by third parties who aren’t as meticulous as you are. CPA firms all too often learn this lesson the hard way. Clients are the ones who start our story, not accountants. We don’t know much about them or what they did. It is possible that they clicked on an inappropriate link. They may have configured their security software incorrectly. Maybe they tried streaming a movie from an obscure pirate website while fighting a million pop-ups (which this writer has certainly not done). The end result is that the client was hacked. It gets worse from there.
The hacker used the client as a jumping-off point to attack the CPA firm, whether out of premeditation or out of opportunism. The client sent the firm several emails requesting wire transfers to a new account. The accountants emailed the client back each time to confirm that, yes, this is indeed what the client requested.
The problem was that they weren’t actually talking to the client at the time. Their correspondence was being answered by the hacker, who had co-opted the client’s email account. Every time the accountants asked the client whether the funds should be transferred, the hacker replied yes, as if speaking through a sock puppet. Eventually, the ruse was discovered, but it was too late. A significant amount of money had already been transferred to this new account by the hacker. It was not disclosed how much was lost, but the loss was considered large.
Cybersecurity for CPA and Accounting Firms – Bad Clicks
We present the latest edition of our monthly series, Cybersecurity for CPAs. Here, you will find the best cybersecurity stories from Accounting Today, along with lessons learned from real-life cybersecurity incidents, plus charts and stats to help you better understand the current landscape. By reading this feature, readers can learn how to make their own firms safer in an increasingly dangerous environment.
Cybersecurity Example 2
No one could access their own files, causing the firm’s work to halt. In addition, their clients’ confidential information was now in the hands of someone with less-than-lawful intentions. The hackers demanded $700,000 in exchange for the data, an amount that a small firm such as theirs would consider “material.” The leadership of the company said they could not afford it.
Negotiating with the hackers was a challenge, but the firm eventually got the original demand reduced to $450,000. The hacker released the files after the ransom was paid. However, the firm had to pay a substantial fine for their mistake.
This incident illustrates the growing threat of cyber attacks facing small and midsized businesses. Businesses are becoming increasingly vulnerable to cybercriminals because of remote work and online transactions. Despite their small size, small businesses often fall victim to cyberattacks since they may lack the same level of security infrastructure as larger companies.
Cybersecurity for CPA and Accounting Firms – Bad Timing
We present the first in our new monthly series, Cybersecurity for CPAs. We will bring you the best cybersecurity stories from Accounting Today, along with lessons learned from real-life cybersecurity incidents, as well as charts and stats to help you better understand the current climate. We hope the news and insights in this feature will help readers make their own firms safer in an increasingly dangerous world.
The full impact of a cyber incident may not be apparent until much later, as one accounting firm learned the hard way.
Cybersecurity Example 3
We begin with a managing partner at a regional accounting firm specializing in audits. A member of staff called him one day and asked if he really wanted her to download a file from a linked hosting service. So they alerted the firm’s outsourced IT vendor to investigate.
In a scan of the system, the vendor found no viruses or other threats. There was nothing to worry about. There was another curious thing, however. When the managing partner logged into his email system from a remote network or local server, everything worked as it should. However, when he logged into the same account via the web, suddenly a rule about the file-sharing service appeared that he had not made. He was unable to log into the file-sharing service associated with the account. In the end, the vendor was able to reset his password and delete the rule. A dual authentication process was then set up for the account. Several other employees followed his example and set up dual authentication as well.
We learned a valuable lesson and averted a crisis, right? Unfortunately, no. Ten months later, the firm discovered a breach of privacy affecting 19,000 individuals. To determine whom to notify, investigators pulled thousands of items to identify the population of those potentially affected.
In the end, all the compromised data was associated with a single audit client. The eight files involving this client were dated between 2009 and 2011. There was a large spreadsheet containing the names and personal information of people. A hacker was able to access old emails with this data because they were left unencrypted in an account. Part of the reason for this was that the firm did not have a policy for reserving sensitive emails.
The damage had already been done by the time the firm notified all those potentially affected by this breach. Those whose personal, confidential information was leaked served the firm with a class-action lawsuit shortly afterward.
Here are more details for Toronto accounting firms and CPAs regarding cybersecurity needs from Chartered Professional Accountants of Ontario (CPA Ontario).
365 iT SOLUTIONS offers Toronto Managed IT Services, Managed Security Services, IT Support Services, Cloud Services, Business continuity and disaster recovery (BCDR), Cyber Security Training and Dark Web Monitoring, IT Outsourcing Services, and Tech Support Services.