September 01, 2024

Top Cybersecurity Tactics for CPAs in the Digital Age

By Stacey Howard

While navigating digital transformation, the world positions the accounting profession in its crosshairs. Many CPAs and accounting firms are sitting on a treasure trove of sensitive data and are becoming prime targets for cybercriminals.

Technology has introduced innovative measures for streamlining processes and enhancing the efficiency of CPA firms. However, everything that glitters is not gold.

According to IBM's Cost of a Data Breach report, firms investing in cybersecurity now are saving an average cost of $4.45 million/data breach, a 15% increase over the past three years.

These advancements also open up the accounting profession to novel risks. Consequently, cybersecurity solutions have become imperative for CPAs to safeguard their businesses and clients.

The Rise of Digital Transformation in Accounting

CPAs and accounting firms are actively reshaping themselves through digital transformation. They are embracing advanced tools and technologies such as artificial intelligence (AI), machine learning and automation. These innovative measures enhance efficiency and empower CPAs and accountants to transition their focus from mere data crunching to high-value services. This shift includes strategic financial planning and risk management, even business advisory services.

Technology has revolutionized the accounting profession; however, it introduces new challenges – notably cybersecurity threats – that demand immediate attention.

Why Hackers Are Targeting CPAs

In recent years, we have witnessed a shift in focus among hackers. They no longer concentrate solely on the prominent, headline-making targets associated with previous breaches. Instead, their attention extends to smaller and less conspicuous victims.

Emerging patterns suggest that certain financial cybersecurity criminals might even circumvent launching ransomware attacks against larger organizations. This will help to prevent national political or law enforcement responses – as Sherry Bambrick, Senior Underwriter for the AICPA Member Insurance Programs, asserts. This is an evolving strategy carrying significant implications for CPAs.

Bambrick stated: "Hackers find CPA firms particularly attractive because these entities essentially aggregate financial and personal identifiable information (PII) data. The escalating emphasis on smaller organizations, along with the vast amount of PII potentially held by a firm, significantly amplifies the risk they encounter."

Hackers target CPA firms not only for their access to client funds but also due to the assumption that mid-size and smaller firms lack robust information security strategies. These assumptions are born from a misguided belief held by their leaders that they're too small to be targeted.

What Are the Best Cybersecurity Practices for CPAs?

Let’s tap into some of the cybersecurity practices to stay ahead in the competitive market.

1. Proactively Detect Risks. CPAs must proactively detect risks and vulnerabilities and protect against breaches or "active" concerns such as phishing and ransomware. They need to put measures in place for this.

Moreover, these protective strategies should address the technology involved and its users. Comprehensive security is a shared responsibility where both digital systems and human factors intersect in all their complex intricacies. How you can go about it:

  • Use risk assessments for a health check of your business;
  • Implement zero trust factor that aims to protect the network and security infrastructure;
  • Watch for advanced persistent threats (APTs) and monitor endpoints by using tools such as endpoint detection response (EDR); and
  • Use software like MetricStream IT and cyber risk management software for risk identification.

2. Conduct Training and Build a Secure Culture. CPA firm owners should conduct security awareness training that includes real-world exercises. In particular, realistic and challenging phishing simulations should be implemented. To reinforce best practices, adeptly blend teaching with engaging activities.

Construct a firm emphasizing a "culture of security," focusing on data governance and management. Remember that the business side – not just the IT and risk management divisions – must provide robust input for this initiative. CPAs can run cybersecurity governance and risk management programs using voluntary framework, which can include the risk assessment.

For instance, the National Institute of Standards and Technology (NSIT) includes the following five continuous functions:

  • Identify: Develop an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities.
  • Protect: Proactively implement appropriate safeguards to ensure the delivery of critical services. By doing so, you can take control of your cybersecurity landscape.
  • Detect: Identify the occurrence of a cybersecurity event.
  • Respond: Take action regarding a detected cybersecurity incident.
  • Recover: Maintain resilience plans and restore any capabilities or services that were impaired by a cybersecurity incident.

3. Emphasize Self-Awareness Practice. Remind your employees to cultivate self-awareness, a crucial practice in today's digital landscape. Taking a moment before responding or acting upon suspicious emails can often mark the turning point; it is usually half the battle won.

To illustrate this concept, urge them to evaluate dubious URLs for anomalies and validate the sender's identity through another trusted method – perhaps by placing an essential phone call.

4. Implement Multi-Factor Authentication and Restrict Online Sharing. All access points require more than just a password to join the network, so utilize multi-factor authentication. Implementing confirmation via text messages, phone calls or fingerprints, despite its minimal effort, can significantly enhance a firm's security.

You should push employees to restrict the online sharing of work-related information, as potential attackers can leverage this practice for social engineering schemes. It will effectively mitigate cyber criminals' ammunition by refraining from incorporating details such as client or colleague names in personal social media posts.

5. Use VPN. A virtual private network (VPN) masks employees' identities, safeguarding their communications from potential attackers, a measure particularly crucial when they utilize public WiFi.

To scan and block malicious links, attachments or accounts – thus potentially intercepting and neutralizing malware from a corrupt link or attachment – requires the active tasks of installing and maintaining regular updates. Anti-virus/anti-phishing software is our tool for such critical operations.

6. Ensure Strict Control Over Data Sharing. When engaging with third-party providers, exercise stringent control measures like incorporating indemnification clauses or stipulating that the provider maintains cyber insurance in its service agreement for potential breaches on a third-party platform.

7. Plan Ahead for Any Data Breach. You must create a robust security and breach response plan that can be quickly implemented in the event of an issue. Furthermore, it is imperative to revisit and update this plan regularly. This practice helps ensure its effectiveness against the ever-evolving risk landscape.

Bottom Line

Integrating AI in accounting services not only augments cybersecurity defenses but also empowers firms to navigate the complexities of modern digital landscapes with confidence. See how at this link.

The evolution of digital transformation in accounting necessitates a paramount focus on cybersecurity. As cyber threats continue to advance, CPA firms must actively enhance their security measures. This is crucial for both protecting sensitive data and ensuring compliance with industry regulations.

About the Author: Stacey Howard is an accomplished blogger with over a decade of experience in the field of accounting and bookkeeping. With her extensive knowledge and expertise, she has been working as an accountant at a leading business process management firm Accounting To Taxes. Throughout her career, she has developed a passion for sharing valuable insights and information on various accounting industries through her engaging and informative write-ups. Her contributions to the accounting community have been widely recognized, making her a sought-after expert in the field.

 

Thanks to the Sponsors of Today's CPA Magazine

This content was made possible by the sponsors of this issue of Today's CPA Magazine: 

Accounting Biz Brokers

Accounting Practice Sales

CPA Charge

Goodman Financial

Poe Group Advisors

 


  • How Accountants Can Leverage Corporate Culture for Success

    High-profile accounting scandals have led to reforms aimed at reducing fraud and corporate misconduct, with regulators emphasizing the need for ethical corporate cultures and strong leadership. Despite its importance, corporate culture is rarely included in accounting and audit standards, leaving CPAs without clear guidance on how to assess or apply it.
    View Article
  • CPE: The Tollgates of Inventory and Financial Control

    A key challenge for management accountants and manufacturing companies is managing operations and the resulting impact on financial statements. Standard procedures, work instructions and shop floor decisions significantly influence the financial performance of inventory-focused companies. Effective monitoring of five tollgates of inventory movement is essential.
    View Article
  • Spotlight on CPAs: Madhuri Bandla, CPA-Dallas, CFE

    Madhuri Bandla is a Senior Lecturer of Accounting at the University of North Texas G. Brint Ryan College of Business. She is dedicated to student success, mentoring and volunteering, aiming to positively impact the university, the accounting profession and the local community. Learn more about her career path and her commitment to teaching, learning and facilitating professional development.
    View Article
  • Top Cybersecurity Tactics for CPAs in the Digital Age

    The article highlights the growing cybersecurity risks facing CPAs and accounting firms as digital transformation reshapes the landscape. As firms adopt advanced technologies like AI and automation to streamline operations, they become prime targets for cybercriminals due to the sensitive data they hold. Ensuring strong security practices is essential for protecting sensitive data.
    View Article
  • Every Member Plays a Part

    Read about an important update from AICPA’s National Pipeline Advisory Group. The group released a report outlining six strategies to address the accounting talent shortage, including enhancing education, supporting CPA Exam candidates and increasing diversity. TXCPA, now in the third year of our CPA Pipeline Strategy, is aligning our efforts with these national initiatives to boost outreach and workforce development.
    View Article
  • TXCPA Annual Meeting - Looking Back and Charting the Path Ahead

    TXCPA’s Annual Meeting and Leadership Council Meeting was held on June 28-29, 2024, at the Omni Frisco Hotel, blending networking, learning and fun. Leaders reviewed the accomplishments of 2023-2024 and set priorities for 2024-2025. TXCPA also emphasized community-building through local chapters, service initiatives and diversity efforts. TXCPA aims to continue addressing CPA pipeline issues, growing the membership, enhancing member benefits, and supporting advocacy initiatives.
    View Article
  • What’s Happening Around Texas - September-October

    Learn about some of the recent events and activities that happened around the state in the TXCPA chapters.
    View Article
  • 2023-2024 Outstanding Chapter Awards

    Each year, Outstanding Chapter Awards are awarded to the small and medium-sized chapters to inspire their continuing work to elevate member service. For 2023-2024, TXCPA San Angelo and TXCPA South Plains received the awards. Read about their impressive accomplishments.
    View Article
    chapter-map-coded-by-size
  • SEC Adopts Climate-Related Disclosures

    The SEC issued final rules in March for climate-related disclosures. Just a month later, the SEC issued a stay even though the rules do not become effective until 2026. With a pending review in the U.S. 8th Circuit Court of Appeals, the SEC stated that the stay’s purpose is to avoid regulatory uncertainty until the court hears the matter.
    View Article
  • Optimizing Consultant Engagement for Business Growth

    Managing a growing company involves balancing daily operations with strategic planning, financial management, marketing and compliance. In smaller firms with fluid roles, it can be hard to focus on all functions equally. Consultants can offer valuable expertise and solutions, helping business owners achieve their goals more effectively.
    View Article
  • The Importance of the CPA Pipeline

    Focus on the CPA pipeline issue has become a key topic in the accounting profession. Various task forces, state societies and legislative bodies are working on addressing the shortage of CPAs, and TXCPA is actively involved in national efforts. TXCPA is also exploring legislative changes in Texas, while ensuring that CPA mobility – allowing CPAs to practice across state lines without additional licensing – is preserved.
    View Article
  • TXCPA Thanks Our Faculty and Student Ambassadors!

    A big thank you goes to TXCPA's 2024-2025 Faculty and Student Ambassadors! Our ambassadors play a vital role in enhancing TXCPA’s presence on Texas campuses, helping us better understand how to support educators and students. Together, we are working to expand the pipeline of future CPAs in Texas.
    View Article
  • Take Note

    In this edition of Take Note: Join TXCPA's Key Persons Program; Occupational Wellness - Tips for a Fulfilling Work Life; November is Month of Service and Accounting Opportunities Month; Submit an Article to Today’s CPA Magazine
    View Article
  • Classifieds

    The classified ad section of Today's CPA offers a dynamic marketplace, featuring listings for practice owners looking to sell, professionals seeking firms to purchase and a variety of specialized services. Whether you're looking to expand, sell or explore niche opportunities, this section connects professionals with valuable business prospects and resources.
    View Article

 

 

CHAIR
Mohan Kuruvilla, Ph.D., CPA

PRESIDENT/CEO
Jodi Ann Ray, CAE, CCE, IOM

CHIEF OPERATING OFFICER
Melinda Bentley, CAE

EDITORIAL BOARD CHAIR
Jennifer Johnson, CPA

MANAGER, MARKETING AND COMMUNICATIONS
Peggy Foley
pfoley@tx.cpa

MANAGING EDITOR
DeLynn Deakins
ddeakins@tx.cpa

COLUMN EDITOR
Don Carpenter, MSAcc/CPA

DIGITAL MARKETING SPECIALIST
Wayne Hardin, CDMP, PCM®

CLASSIFIEDS
DeLynn Deakins

Texas Society of CPAs
14131 Midway Rd., Suite 850
Addison, TX 75001
972-687-8550
ddeakins@tx.cpa

 

Editorial Board
Shivam Arora, CPA-Dallas;
Derrick Bonyuet-Lee, CPA-Austin;
Aaron Borden, CPA-Dallas;
Don Carpenter, CPA-Central Texas;
Rhonda Fronk, CPA-Houston;
Aaron Harris, CPA-Dallas;
Baria Jaroudi, CPA-Houston;
Elle Kathryn Johnson, CPA-Houston;
Jennifer Johnson, CPA-Dallas;
Lucas LaChance, CPA-Dallas, CIA;
Nicholas Larson, CPA-Fort Worth;
Anne-Marie Lelkes, CPA-Corpus Christi;
Bryan Morgan, Jr, CPA-Austin;
Stephanie Morgan, CPA-East Texas;
Kamala Raghavan, CPA-Houston;
Amber Louise Rourke, CPA-Brazos Valley;
Nikki Lee Shoemaker, CPA-East Texas, CGMA;
Natasha Winn, CPA-Houston.

CONTRIBUTORS
Melinda Bentley; Kenneth Besserman; Holly McCauley; Shicoyia Morgan; Craig Nauta; Kari Owen; John Ross; Lani Shepherd; April Twaddle; Patty Wyatt

 

Your TXCPA membership has not been renewed for 2024 -2025. Renew now.