December 23, 2020

How to Shield Your CPA Firm from Cyber Threats

Accounting firms have more responsibility to protect their clients’ information than ever before. Cybersecurity has become critically important as cyber-attacks and security threats continue to advance in prevalence and complexity. In 2018 alone, the FBI reported over 350,000 cyber-crime incidents, and they estimate that only 1 in 10 incidents is reported. CPA firms are now a prime target, and the best accounting firms not only provide excellent financial services and tax preparation but also diligently protect important client information. Cybersecurity isn’t just a best practice; it’s the law for professional tax preparers and is overseen by the Federal Trade Commission.

Due to the sensitive, confidential financial information accounting firms collect, they are rich targets for hackers and cybercriminals. With COVID-19 driving more teleworking, hackers also have more opportunities to target potentially less secure systems. The good news is that because hackers capitalize on outdated systems and processes, user errors, and scams, CPA firms can successfully protect their clients by safeguarding data and instituting security protocols.

The Cost of Security Breaches

Just this week, news broke of the biggest cyberespionage hack ever carried out. Russian intelligence agents accessed the backend code of prominent IT management company SolarWinds nearly nine months ago, and the breach was not discovered until December 9. The victims of this cyberattack are broad, ranging from the U.S. Department of State to the Treasury Department, the National Institutes of Health, and the Department of Homeland Security. Despite the expertise available to these organizations and the precautions that they took, the impact of this attack has been devastating. It will be months before the extent of the damage can be fully understood, and our technological infrastructure remains vulnerable until then. Cybersecurity breaches are not limited to the halls of regulatory agencies or security organizations.

Regardless of their size, whether it’s a one-person operation or a multinational corporation, CPA firms have a lot to lose from cybersecurity breaches. 

Compromising client data might lose you the trust of your customers, but it could also result in costly litigation and fees depending on the extent of the breach. In the worst-case scenarios, data breaches can result in criminal investigation, civil litigation, and negative publicity.

Common Threats to CPA Firms

The world of cybersecurity demands constant attention to detail and an ability to see ahead of would-be cyber criminals. Even popular software products supported by big tech brands are susceptible to these threats. At the end of the day, simply buying a subscription to a common antivirus provider just won't cut it. Rather, firms must be triple-layering their security and relying on AI-powered security technologies to ensure their data is secure.

Accounting firms should be aware that hackers today are often sophisticated criminal organizations that may employ linguists or attorneys to help perfect their scams. Here are a few common cyber threats facing accountants and their firms every day:

Business Email Compromise

This is a nuanced, complicated technique that relies on impersonating key company officials by stealing (or closely mimicking) a trusted email account. The hackers then pressure other employees to transfer money or secure information to what appears to be a trusted vendor, but with slightly different account numbers. Once the transfer is made, the hacker erases all records of themselves and disappears. They often impersonate high-ranking officials, like a CEO, at times when those officials are extremely busy or out of the office. They use an email account or other communication that appears identical to the genuine one. They have been known to target both small and large CPA firms. The hackers obtain information through phishing, malware, and other deception.
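
A minimal check for the two signals described above: a sender domain that closely mimics a trusted one, and a payment request whose account number differs from the one on file. This is an added example, not from the original article or from Cetrom; the domains, vendor name, account numbers and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: domains the firm trusts and vendor bank
# details that were confirmed out-of-band (for example, by phone).
TRUSTED_DOMAINS = {"cpafirm.example", "acme-supplies.example"}
VENDOR_ACCOUNTS = {"Acme Supplies": "000123456789"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain, max_distance=2):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= max_distance:
            return trusted
    return None

def review_payment_request(from_header, vendor, account):
    """Return a list of reasons to hold the transfer (empty if none)."""
    findings = []
    domain = sender_domain(from_header)
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    elif domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {domain} is not on the trusted list")
    on_file = VENDOR_ACCOUNTS.get(vendor)
    if on_file is None:
        findings.append(f"vendor {vendor} has no account on file")
    elif account != on_file:
        findings.append("account differs from the one on file")
    return findings
```

A request with any finding should be held until the vendor or executive is reached through a known phone number. The check does not cover a genuinely stolen mailbox, where the sender domain is the real one.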

Phishing Scams

Phishing starts when a hacker gets into your inbox using an email address that appears to be from a trusted colleague or business partner. From there they use that address to trick the unsuspecting recipient into divulging personal or client information such as account numbers, passwords, tax information, or other financial records. The phishing email will often urge the recipient to click on what appears to be a genuine link to a genuine website.

Malware

Malware is harmful software that is designed to damage an electronic device with the goal of stealing sensitive information. This software can work in a variety of ways; it commonly tracks your activities and even your keystrokes, and it can copy files. Malware infects computers through harmful links, downloaded apps and files, and even public Wi-Fi. The best way to prevent malware is through strong security software and careful measures by employees.

What Hackers Target at CPA firms

There are specific, unique threats that CPA firms need to be aware of and work to prevent.

Client Data

CPA firms work with extremely valuable, if seemingly mundane, client data. Among this data might be addresses, birthdays, phone numbers, and other personal information. Hackers can use that data to target and steal from individual clients, or they can sell it to secondary parties that specialize in identity theft.

Financial Information

This data may be more specific to accounting firms and includes information like account numbers, bookkeeping records, tax records, credit card information, and EIN numbers.

Documents to Create Fraudulent Tax Returns

The IRS has identified tax information as a common target for hackers. Cybercriminals aim to file fraudulent tax returns that better impersonate their victims and are harder to detect. They will steal data, e-Services passwords, EFINs, or CAF numbers. They can steal tax refunds and even expand their fraud to other areas of identity theft.

How to Protect Client Information

With all of the threats facing a typical CPA, accounting firms should institute a number of best practices to protect themselves and their clients. AI security technologies are the industry’s best defense against cyberattacks, and Cetrom is the only IT provider that uses two different AI security technologies in one effective solution. 

Cetrom is proud to be able to maintain a record of excellence when it comes to staying one step ahead of cyber criminals. It has developed an IT solution aimed at protecting CPA firms from cyber threats – even the recent SolarWinds hack. In addition to relying on Cetrom’s CrowdStrike product installed and updated on all local devices and machines, CPA firms should follow a few best practices to ensure their data is protected:

Never Click Email Links

This one is simple, yet often ignored. The majority of malware and breaches come through links. They may appear authentic, so it’s even more important to carefully read emails and confirm with a colleague before clicking through a link.

Train Staff

Make sure that staff understand the most common security threats and how to prevent them. A recent cybersecurity report showed that 95% of security breaches are caused by human error. Hackers rely on mistakes to succeed. Staff should know to never open email links, double-check all monetary transfers, and use secure systems any time they’re teleworking. Consider a certificate program like those offered by the American Institute of Certified Public Accountants to ensure staff are given the right information.

Protect Yourself from Phishing Scams

Consider taking four steps to protect yourself and your firm.

  1. Use AI security software on your computer.
  2. Automatically update and patch your devices, including your phone and computer.
  3. Use multi-factor authentication to limit damage from any data breach.
  4. Back up all data and make sure you have a copy stored off your network.

In addition to that, you should lock down local admin rights and review your Disaster Recovery Plan (DRP). Keep in mind that if an account has local admin rights on any of your workstations, an attacker who compromises that account will also have all the keys to your network. Also, to prepare for an unexpected outage, perform frequent disaster recovery drills with your team. Phishing scams rely on urgency, fear of dire consequences, and offers that are too good to be true.

Develop Company Standards

Just as you have standards for record-keeping and tax preparation, make sure you have standards for data security and client privacy. Create data security protocols and make them second nature. Also, be sure to invest in capable software and technology that protects data even outside of the office. Finally, make sure that work computers are only used for work purposes.

The Bottom Line

Like every crime, cybercrime is better prevented than solved. It’s rarely prosecuted (only around 1% of hackers are ever brought to justice for their crimes), and money and data lost are almost never recovered. What’s more, any data breach, even a small one, will compromise your clients’ trust and confidence. You can report malware, phishing, and other incidents, but once your firm has been compromised, you’ll need to notify clients and change your systems. Fortunately, because most cybercrime is the result of human error, the majority of security breaches can be avoided by diligent employees and solid security systems.

Reach out to us. We’d love to learn more about your IT needs and challenges. Your security is Cetrom’s #1 priority.
