June 30, 2021

Most Overlooked CPA Cybersecurity Threats

Digital Worlds Create Opportunities for Cybercrime

Our increasingly digital world has innovated the way companies do business. However, it has also opened up opportunities for cybercrime, which cost businesses over $6 trillion in damages in 2021 worldwide. The resulting costs that companies must deal with from a cyber breach include identifying the breach, notifying the affected parties, downtime, recovery, repairs, lawsuits, and customer losses. These cause financial loss, result in data breaches for both businesses and clients, cause reputational loss and damage, and wreak havoc in your daily business operations. Cyber breaches can also result in class action lawsuits and other litigation. Most times, the damages stemming from cyber breaches will result in lost monies that won’t be recouped.

Companies — especially accounting firms — need to be prepared for the latest cyberattacks on their business operations, especially those who have very sensitive client data and information. Understanding the critical cybersecurity measures to implement will assist CPA firms in preventing fraudulent payments, stop data breaches from occurring, and mitigate damaging financial hits. CPA firms must first know what cybersecurity threats are out in the world so they can be prepared to implement these mitigation measures for their companies.

Commonly Overlooked Cyberthreats CPAs Should Understand

CPA firms handle a lot of sensitive information for both their clients and business practices — this makes CPA firms easy targets for cybercrime. The commonly overlooked cyberthreats CPA firms should understand are:

  • Malware and ransomware. Malware, or “malicious software,” is intrusive software designed to access computers and systems to destroy them. Examples of malware are viruses, worms, Trojan viruses, spyware, adware, and ransomware. Malware-blocking software would detect the attack and block it automatically. As the name suggests, ransomware is a type of malware and continues to be the most significant threat to cybersecurity. It holds a user’s data “hostage” in exchange for some sort of demand, such as money. If they don’t get what they want, cybercriminals can threaten to publish or delete sensitive data. Traditionally, ransomware would aim to gain access to a computer to extract sensitive data. However, ransomware 2.0 has gotten more clever by interacting with humans directly, such as through a CAPTCHA test to lure an unwitting target to identify themselves as an actual human. The human target enables cyberattackers to use certain tactics that will not be thwarted by an automated mechanism. While a data breach costs CPA firms significant amounts of money, the reputational loss for being unprepared for cyber breaches can be much worse.
  • Phishing schemes. In general, phishing is a tried-and-true method for cybercriminals to hack into companies via emails that appear to be from a reputable source in order to trick the recipient into entering passwords and credit card information, or other sensitive data. Spear-phishing occurs when a threat actor designs and implements a phishing attack specifically targeting a group of people, such as accountants. They are often familiar with a company’s daily operations. Finally, whaling is another kind of spear-phishing, where the attacker targets high-level individuals including, but not limited to, the C-suite and upper management. While your employees are critical for your success, research shows that up to 90% of cyberattacks that succeed are due to human error.
  • Data theft. Cybercriminals also target data, which has huge financial consequences for firms. Between July 2018 and April 2019, each data breach cost firms a global average of $3.92 million, with larger firms experiencing an average cost of $5.11 million, and smaller organization breaches averaging $2.65 million. Some of these costs include investigating and hiring a forensics team to determine the source of the data breach, deploying the incident response teams, tracking down the victims of the breach, hiring legal and consulting services, in addition to losing revenues due to the breach.

The most effective way to avoid cyberthreats is prevention. In other blog posts, we’ve discussed how effective employee training is a critical step in preventing security breaches. The cost to train employees can be less than 1 percent of an average cost of a data breach. Another key prevention method is for your firm to implement cyber risk management practices, known as System and Organization Controls for Cybersecurity.

Opportunities to Innovate Cyber Risk Management

Although cyberthreats pose great harms to firms, they also open up opportunities to innovate cybersecurity. Specifically, companies can explore opportunities to enhance their cyber risk management. The new cybersecurity risk management framework creates opportunities for CPAs to showcase its cybersecurity risk management program to investors and clients; create new CPA consulting engagements with clients to provide this service; conduct “readiness assessments” to help clients understand their cybersecurity weaknesses and how to mitigate them; and perform a System and Organization Controls for Cybersecurity (SOC-C) to evaluate the client's cybersecurity risk management program. CPA firms should consider switching to a company that offers SaaS platforms/cloud-based solutions.

The SOC-C includes two types of tests: a nonattest consulting engagement and an examination of the design and operating effectiveness of cybersecurity controls. This type of cloud-based platform runs on the provider’s servers and is accessed by the internet. The service provider is responsible for the security, performance, and maintenance of the platform, thereby easing the burden on in-house IT departments. The cloud-based platform can offer an on-demand package of servers, robust cybersecurity measures, storage, databases, networking, and more. These cloud-based providers can also update your software and hardware on demand or as needed.

Long-Term Solutions Provided by Cetrom

Fortunately, Cetrom provides long-term solutions to the cybersecurity threats that CPAs face, including SOC-C risk management options. Cetrom is 100% focused on CPA firms and specializes in hosting accounting-specific applications. Our company heavily invests in the best-of-breed and most advanced AI security technologies on the market to help keep its clients up and running around the clock. We also offer cybersecurity training and best practices to keep your staff informed on evolving cyber threats and tactics. Also, Cetrom’s cloud-based cybersecurity platforms can be specifically designed to meet the needs of your CPA firm. We offer 24/7 customer support services as well, should a breach happen. Cetrom prides itself on being the best in the business, which includes being periodically and annually audited and verified to ensure our cloud-based security surpasses industry standards. We also hold several industry certifications such as Microsoft Gold Competencies, SSAE 16, FIPS 140, SOC Type 2, and HIPPA compliant.

CPA C-suite executives who are concerned about their firm’s ability to handle and adapt to the current cyber threats within the cybersecurity industry should look to Cetrom to get a consultation. When considering the possibilities of upgrading to a cloud-based solution, C-suite executives should be aware of the gaps in their current security systems first. Cetrom can help identify gaps in your cybersecurity systems. Additionally, technicians responsible for making this cybersecurity upgrade should be responsible for making sure technology works, ensuring uptime, and improving systems. They should always be looking for ways to improve systems and increase production. Cetrom can provide these services for CPA firms as well as training for employees and technicians.

CPA Firm’s Guide to Choosing a Cloud Provider

Why Are CPA Firms Opting for Cloud Providers? CPA firms continue to shift toward using cloud providers for their IT needs. The number of firms ..
July 22,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

CPA Firm’s Guide to Choosing a Cloud Provider

Why Are CPA Firms Opting for Cloud Providers? CPA firms continue to shift toward using cloud providers for their IT needs. The number of firms ..
July 22,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

Blog Archives

See all
Is Cetrom Your Cloud Services Solution?