September 01, 2024

Top Cybersecurity Tactics for CPAs in the Digital Age

By Stacey Howard

While navigating digital transformation, the world positions the accounting profession in its crosshairs. Many CPAs and accounting firms are sitting on a treasure trove of sensitive data and are becoming prime targets for cybercriminals.

Technology has introduced innovative measures for streamlining processes and enhancing the efficiency of CPA firms. However, everything that glitters is not gold.

According to IBM's Cost of a Data Breach report, firms investing in cybersecurity now are saving an average cost of $4.45 million/data breach, a 15% increase over the past three years.

These advancements also open up the accounting profession to novel risks. Consequently, cybersecurity solutions have become imperative for CPAs to safeguard their businesses and clients.

The Rise of Digital Transformation in Accounting

CPAs and accounting firms are actively reshaping themselves through digital transformation. They are embracing advanced tools and technologies such as artificial intelligence (AI), machine learning and automation. These innovative measures enhance efficiency and empower CPAs and accountants to transition their focus from mere data crunching to high-value services. This shift includes strategic financial planning and risk management, even business advisory services.

Technology has revolutionized the accounting profession; however, it introduces new challenges – notably cybersecurity threats – that demand immediate attention.

Why Hackers Are Targeting CPAs

In recent years, we have witnessed a shift in focus among hackers. They no longer concentrate solely on the prominent, headline-making targets associated with previous breaches. Instead, their attention extends to smaller and less conspicuous victims.

Emerging patterns suggest that certain financial cybersecurity criminals might even circumvent launching ransomware attacks against larger organizations. This will help to prevent national political or law enforcement responses – as Sherry Bambrick, Senior Underwriter for the AICPA Member Insurance Programs, asserts. This is an evolving strategy carrying significant implications for CPAs.

Bambrick stated: "Hackers find CPA firms particularly attractive because these entities essentially aggregate financial and personal identifiable information (PII) data. The escalating emphasis on smaller organizations, along with the vast amount of PII potentially held by a firm, significantly amplifies the risk they encounter."

Hackers target CPA firms not only for their access to client funds but also due to the assumption that mid-size and smaller firms lack robust information security strategies. These assumptions are born from a misguided belief held by their leaders that they're too small to be targeted.

What Are the Best Cybersecurity Practices for CPAs?

Let’s tap into some of the cybersecurity practices to stay ahead in the competitive market.

1. Proactively Detect Risks. CPAs must proactively detect risks and vulnerabilities and protect against breaches or "active" concerns such as phishing and ransomware. They need to put measures in place for this.

Moreover, these protective strategies should address the technology involved and its users. Comprehensive security is a shared responsibility where both digital systems and human factors intersect in all their complex intricacies. How you can go about it:

  • Use risk assessments for a health check of your business;
  • Implement zero trust factor that aims to protect the network and security infrastructure;
  • Watch for advanced persistent threats (APTs) and monitor endpoints by using tools such as endpoint detection response (EDR); and
  • Use software like MetricStream IT and cyber risk management software for risk identification.

2. Conduct Training and Build a Secure Culture. CPA firm owners should conduct security awareness training that includes real-world exercises. In particular, realistic and challenging phishing simulations should be implemented. To reinforce best practices, adeptly blend teaching with engaging activities.

Construct a firm emphasizing a "culture of security," focusing on data governance and management. Remember that the business side – not just the IT and risk management divisions – must provide robust input for this initiative. CPAs can run cybersecurity governance and risk management programs using voluntary framework, which can include the risk assessment.

For instance, the National Institute of Standards and Technology (NSIT) includes the following five continuous functions:

  • Identify: Develop an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities.
  • Protect: Proactively implement appropriate safeguards to ensure the delivery of critical services. By doing so, you can take control of your cybersecurity landscape.
  • Detect: Identify the occurrence of a cybersecurity event.
  • Respond: Take action regarding a detected cybersecurity incident.
  • Recover: Maintain resilience plans and restore any capabilities or services that were impaired by a cybersecurity incident.

3. Emphasize Self-Awareness Practice. Remind your employees to cultivate self-awareness, a crucial practice in today's digital landscape. Taking a moment before responding or acting upon suspicious emails can often mark the turning point; it is usually half the battle won.

To illustrate this concept, urge them to evaluate dubious URLs for anomalies and validate the sender's identity through another trusted method – perhaps by placing an essential phone call.

4. Implement Multi-Factor Authentication and Restrict Online Sharing. All access points require more than just a password to join the network, so utilize multi-factor authentication. Implementing confirmation via text messages, phone calls or fingerprints, despite its minimal effort, can significantly enhance a firm's security.

You should push employees to restrict the online sharing of work-related information, as potential attackers can leverage this practice for social engineering schemes. It will effectively mitigate cyber criminals' ammunition by refraining from incorporating details such as client or colleague names in personal social media posts.

5. Use VPN. A virtual private network (VPN) masks employees' identities, safeguarding their communications from potential attackers, a measure particularly crucial when they utilize public WiFi.

To scan and block malicious links, attachments or accounts – thus potentially intercepting and neutralizing malware from a corrupt link or attachment – requires the active tasks of installing and maintaining regular updates. Anti-virus/anti-phishing software is our tool for such critical operations.

6. Ensure Strict Control Over Data Sharing. When engaging with third-party providers, exercise stringent control measures like incorporating indemnification clauses or stipulating that the provider maintains cyber insurance in its service agreement for potential breaches on a third-party platform.

7. Plan Ahead for Any Data Breach. You must create a robust security and breach response plan that can be quickly implemented in the event of an issue. Furthermore, it is imperative to revisit and update this plan regularly. This practice helps ensure its effectiveness against the ever-evolving risk landscape.

Bottom Line

Integrating AI in accounting services not only augments cybersecurity defenses but also empowers firms to navigate the complexities of modern digital landscapes with confidence. See how at this link.

The evolution of digital transformation in accounting necessitates a paramount focus on cybersecurity. As cyber threats continue to advance, CPA firms must actively enhance their security measures. This is crucial for both protecting sensitive data and ensuring compliance with industry regulations.

About the Author: Stacey Howard is an accomplished blogger with over a decade of experience in the field of accounting and bookkeeping. With her extensive knowledge and expertise, she has been working as an accountant at a leading business process management firm Accounting To Taxes. Throughout her career, she has developed a passion for sharing valuable insights and information on various accounting industries through her engaging and informative write-ups. Her contributions to the accounting community have been widely recognized, making her a sought-after expert in the field.

 

Thanks to the Sponsors of Today's CPA Magazine

This content was made possible by the sponsors of this issue of Today's CPA Magazine: 

Accounting Biz Brokers

Accounting Practice Sales

CPA Charge

Goodman Financial

Poe Group Advisors

 


  • Assessing AI From a Tax Perspective, Part 1

    The article evaluates the potential use and limitations of AI in addressing tax-related queries during tax season. While AI tools show promise for aiding tax professionals and easing the CPA shortage, their responses are often inaccurate or misleading. The technology can assist with basic tasks, but it is not yet reliable enough to replace the educated judgment of tax professionals.
    View Article
  • CPE: Goodwill and Unit of Accounting

    This article provides an in-depth analysis of goodwill accounting under ASC 350, which defines goodwill as the excess payment over the fair value of acquired assets in a business combination. It covers the complexity of goodwill accounting, its significant financial implications and the importance of informed management judgment in acquisitions.
    View Article
  • What’s Happening Around Texas - January-February 2025

    November's Service Month and Career Awareness Month showcased our members' dedication to making a difference, highlighting their meaningful community impact. Through charitable efforts, educational outreach and career awareness initiatives, their collective generosity was a bright light for the accounting profession.
    View Article
  • The Impact of State Sales Tax Law on Federal Income Tax Returns for Businesses

    State sales tax rules impact federal income tax reporting for businesses operating in multiple states. Proper reporting is crucial to avoid audit risks and ensure compliance with gross receipts thresholds, which can influence tax methods and deductions. Tax practitioners should align financial accounting and tax reporting practices to minimize discrepancies and simplify compliance.
    View Article
  • Communicating with Senior Clients

    Recognizing typical age-related changes and making small adjustments can enhance how CPAs communicate with senior clients. Communication differences are not all related to a person’s generation category. The recommendations in this article draw from research and years of professional practice, as well as personal experience.
    View Article
  • Critical Timing for Licensure Discussions in Texas

    The new year brings a new legislative session in Texas. TXCPA will be advocating for important developments that directly impact your profession and the future of the CPA pipeline in Texas. We encourage you to stay engaged with us as the session progresses.
    View Article
  • Proposed Two-Track Path to a CPA License is Getting Serious Consideration

    A proposed two-track path to CPA licensure aims to address the shrinking pool of potential new entrants into the accounting profession. Traditionally, CPA licensure requires passing the Uniform CPA Exam, completing 150 semester hours of education and completing supervised work experience.
    View Article
  • Spotlight on CPAs: Shristi Upreti Sharma

    TXCPA member Shristi Upreti Sharma discusses her career journey, sharing key milestones and valuable lessons for aspiring CPAs. Passionate about accounting from a young age, she has actionable advice for students pursuing the CPA path, highlighting dedication, strategic planning, mentorship and resilience as essential elements for success.
    View Article
  • Government Affairs: Hold on Tight! Big Changes in the Accounting Profession for 2025

    The 89th Texas Legislative Session begins January 14, 2025, where there will be debates on property taxes, water resources, infrastructure, school choice, and CPA licensing reforms. Key bills for the accounting profession are SB 262 and HB 1757 that include proposals for an alternative CPA licensure pathway, and SB 522 that includes mobility protections. TXCPA will actively advocate for these and other measures.
    View Article
  • FASB’s New ASU 2024-03: Another Step Toward Greater Transparency in Financial Reporting

    The Financial Accounting Standards Board (FASB) issued ASU 2024-03 on November 4, 2024, to enhance financial reporting transparency by mandating more detailed expense disclosures in financial statements. This update, shaped by investor feedback during FASB’s 2021 agenda consultation, aims to help investors better assess a company’s performance, cash flow prospects and industry standing.
    View Article
  • Driving Strategic Growth: ASC 280 Segment Reporting Disclosure Fuels Investor Insight

    Updates to ASC 280 require public companies to disclose detailed segment-level financial data to meet growing investor demands for more insights. Implementing these changes involves identifying operating segments, ensuring data readiness and maintaining compliance with reporting standards. Enhanced transparency will help build investor confidence and support sustainable growth in a competitive, evolving market.
    View Article
  • TXCPA Thanks Our 2024-2025 Professional Group Membership Program Participants!

    TXCPA thanks the firms and companies that participated in our 2024-2025 Professional Group Membership program for membership renewals and new member activations. With our streamlined group billing option, renewing memberships is a breeze, while offering your team added value and benefits!
    View Article
  • Take Note

    In this edition of Take Note: Advocacy Day and Midyear Leadership Council Meeting; TXCPA's 2025 CPE Programs; Clarification for Today's CPA Article on Mitigating Medicare Mistakes; Printable Physical Wellness Checklist; Secure Your Future with Member Insurance; TXCPA's Career Center; Management Accountants - Stand Out With the CGMA® Designation
    View Article
  • Classifieds

    The classified ad section features listings for practice owners looking to sell, professionals seeking firms to purchase and a variety of specialized services. Whether you're looking to expand, sell or explore niche opportunities, this section connects professionals with valuable business prospects and resources.
    View Article

CHAIR
Mohan Kuruvilla, Ph.D., CPA

PRESIDENT/CEO
Jodi Ann Ray, CAE, CCE, IOM

CHIEF OPERATING OFFICER
Melinda Bentley, CAE

EDITORIAL BOARD CHAIR
Jennifer Johnson, CPA

MANAGER, MARKETING AND COMMUNICATIONS
Peggy Foley
pfoley@tx.cpa

MANAGING EDITOR
DeLynn Deakins
ddeakins@tx.cpa

COLUMN EDITOR
Don Carpenter, MSAcc/CPA

DIGITAL MARKETING SPECIALIST
Wayne Hardin, CDMP, PCM®

CLASSIFIEDS
DeLynn Deakins

Texas Society of CPAs
14131 Midway Rd., Suite 850
Addison, TX 75001
972-687-8550
ddeakins@tx.cpa

 

Editorial Board
Derrick Bonyuet-Lee, CPA-Austin;
Aaron Borden, CPA-Dallas;
Don Carpenter, CPA-Central Texas;
Rhonda Fronk, CPA-Houston;
Aaron Harris, CPA-Dallas;
Baria Jaroudi, CPA-Houston;
Elle Kathryn Johnson, CPA-Houston;
Jennifer Johnson, CPA-Dallas;
Lucas LaChance, CPA-Dallas, CIA;
Nicholas Larson, CPA-Fort Worth;
Anne-Marie Lelkes, CPA-Corpus Christi;
Bryan Morgan, Jr, CPA-Austin;
Stephanie Morgan, CPA-East Texas;
Kamala Raghavan, CPA-Houston;
Amber Louise Rourke, CPA-Brazos Valley;
Shilpa Boggram Sathyamurthy, CPA-Houston, CA
Nikki Lee Shoemaker, CPA-East Texas, CGMA;
Natasha Winn, CPA-Houston.

CONTRIBUTORS
Melinda Bentley; Kenneth Besserman; Kristie Estrada; Holly McCauley; Craig Nauta; Kari Owen; John Ross; Lani Shepherd; April Twaddle; Patty Wyatt

 

Your TXCPA membership has not been renewed for 2024 -2025. Renew now.