Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...- Mid-sized
Accounting firms have more responsibility to protect their clients’ information than ever before. Cybersecurity has become critically important as cyber-attacks and security threats continue to advance in prevalence and complexity. In 2018 alone, the FBI reported over 350,000 cyber-crime incidents, and they estimate only 1 in 10 incidents is reported. CPA firms are now a prime target, and the best accounting firms not only provide excellent financial services and tax preparation but also diligently protect important client information. Cybersecurity isn’t just a best practice; it’s the law for professional tax preparers and is overseen by the Federal Trade Commission.
Due to the sensitive, confidential financial information accounting firms collect, they are rich targets for hackers and cybercriminals. And with COVID-19 creating more teleworking, hackers also have more opportunities to target potentially less secure systems. The good news is that because hackers capitalize on outdated systems and processes, user errors, and scams, CPA firms can successfully protect their clients by safeguarding data and instituting security protocols.
Just this week, news broke of the biggest cyberespionage hack ever carried out. Russian intelligence agents accessed the backend code of prominent IT management company SolarWinds nearly nine months ago, and the breach was not discovered until December 9. The victims of this cyberattack have been broad, ranging from the U.S. Department of State to the Treasury Department, the National Institutes of Health, and the Department of Homeland Security. Despite the expertise available to these organizations and the precautions that they took, the impact of this attack has been devastating. It will be months before the extent of the damage can be fully understood, and our technological infrastructure remains vulnerable until then. Cybersecurity breaches are not limited to the halls of regulatory agencies or security organizations.
Regardless of their size, whether it’s a one-person operation or a multinational corporation, CPA firms have a lot to lose from cybersecurity breaches.
Compromising client data might lose you the trust of your customers, but it could also result in costly litigation and fees depending on the extent of the breach. In the worst-case scenarios, data breaches can result in criminal investigation, civil litigation, and negative publicity.
The world of cybersecurity demands constant attention to detail and an ability to see ahead of would-be cyber criminals. Even popular software products supported by big tech brands are susceptible to these threats. At the end of the day, simply buying a subscription to a common antivirus provider just won't cut it. Rather, firms must be triple-layering their security and relying on AI-powered security technologies to ensure their data is secure.
Accounting firms should be aware that hackers today are often sophisticated criminal organizations that may employ linguists or attorneys to help perfect their scams. Here are a few common cyber threats facing accountants and their firms every day:
This is a nuanced, complicated technique that relies on impersonating key company officials by stealing (or closely mimicking) a trusted email account. The hackers then pressure other employees to transfer money or secure information to a trusted vendor, but with slightly different account numbers. Once the transfer is made, the hacker erases all records of themselves and disappears. They often impersonate high-ranking officials, like a CEO, when those officials are extremely busy or out of the office. They use an email account or other communication that appears identical to the genuine one. They have been known to target both small and large CPA firms. The hackers obtain information through phishing, malware, and other deception.
Phishing starts when a hacker gets into your inbox using an email address that appears to be from a trusted colleague or business partner. From there they use that address to trick the unsuspecting recipient into divulging personal or client information such as account numbers, passwords, tax information, or other financial records. The phishing will often urge the recipient to click on what appears to be a genuine link to a genuine website.
Malware is harmful software that is designed to damage an electronic device with the goal of stealing sensitive information. This software can work in a variety of ways: it commonly tracks your activities and even your keystrokes, and it can copy files. Malware infects computers through harmful links, downloaded apps and files, and even public Wi-Fi. The best way to prevent malware is through strong security software and careful measures by employees.
There are specific, unique threats that CPA firms need to be aware of and work to prevent.
CPA firms work with extremely valuable, if seemingly mundane, client data. Among this data might be addresses, birthdays, phone numbers, and other personal information. Hackers can use that data to target and steal from individual clients, or they can sell it to secondary parties that specialize in identity theft.
This data may be more specific to accounting firms and includes information like account numbers, bookkeeping records, tax records, credit card information, and EIN numbers.
The IRS has identified tax information as a common target for hackers. Cybercriminals aim to file fraudulent tax returns that better impersonate their victims and are harder to detect. They will steal data, e-Services passwords, EFINs, or CAF numbers. They can steal tax refunds and even expand their fraud to other areas of identity theft.
With all of the threats facing a typical CPA, accounting firms should institute a number of best practices to protect themselves and their clients. AI security technologies are the industry’s best defense against cyberattacks, and Cetrom is the only IT provider that uses two different AI security technologies in one effective solution.
Cetrom is proud to be able to maintain a record of excellence when it comes to staying one step ahead of cyber criminals. It has developed an IT solution aimed at protecting CPA firms from cyber threats – even the recent SolarWinds hack. In addition to relying on Cetrom’s CrowdStrike product installed and updated on all local devices and machines, CPA firms should follow a few best practices to ensure their data is protected:
This one is simple, yet often ignored. The majority of malware and breaches come through links. They may appear authentic, so it’s even more important to carefully read emails and confirm with a colleague before clicking through a link.
Make sure that staff understand the most common security threats and how to prevent them. A recent cybersecurity report showed that 95% of security breaches are caused by human error. Hackers rely on mistakes to succeed. Staff should know to never open email links, to double-check all monetary transfers, and to use secure systems any time they’re teleworking. Consider a certificate program like those offered by the American Institute of Certified Public Accountants to ensure staff are given the right information.
Consider taking four steps to protect yourself and your firm.
In addition to that, you should lock down local admin rights and review your Disaster Recovery Plan (DRP). Keep in mind that if you have local admin rights on any of your workstations, an attacker will also have all the keys to your network. Also, to prepare for an unexpected outage, perform frequent disaster recovery drills with your team. Phishing scams rely on urgency, fear of dire consequences, and offers that are too good to be true.
Just as you have standards for record-keeping and tax preparation, make sure you have standards for data security and client privacy. Create data security protocols and make them second nature. Also, be sure to invest in capable software and technology that protects data even outside of the office. Finally, make sure that work computers are only used for work purposes.
Like every crime, cybercrime is better prevented than solved. It’s rarely prosecuted (only around 1% of hackers are ever brought to justice for their crimes), and money and data lost are almost never recovered. What’s more, any data breach, even a small one, will compromise your clients’ trust and confidence. You can report malware, phishing, and other incidents, but once your firm has been compromised, you’ll need to notify clients and change your systems. Fortunately, because most cybercrime is the result of human error, the majority of security breaches can be avoided by diligent employees and solid security systems.
Reach out to us. We’d love to learn more about your IT needs and challenges. Your security is Cetrom’s #1 priority.