Cetrom Blog - Industry insight from leading cloud provider

Most Overlooked CPA Cybersecurity Threats

Written by Cetrom | June 30, 2021

Digital Worlds Create Opportunities for Cybercrime

Our increasingly digital world has changed the way companies do business. However, it has also opened up opportunities for cybercrime, which cost businesses over $6 trillion in damages in 2021 worldwide. The costs a company faces after a cyber breach include identifying the breach, notifying the affected parties, downtime, recovery, repairs, lawsuits, and customer losses. These cause financial loss, result in data breaches for both businesses and clients, damage reputations, and wreak havoc on daily business operations. Cyber breaches can also result in class action lawsuits and other litigation. In most cases, the money lost to a cyber breach will not be recouped.

Companies, especially accounting firms and others that hold very sensitive client data and information, need to be prepared for the latest cyberattacks on their business operations. Understanding the critical cybersecurity measures to implement will help CPA firms prevent fraudulent payments, stop data breaches from occurring, and mitigate damaging financial hits. CPA firms must first know what cybersecurity threats exist so they can be prepared to implement these mitigation measures.

Commonly Overlooked Cyberthreats CPAs Should Understand

CPA firms handle a lot of sensitive information for both their clients and business practices — this makes CPA firms easy targets for cybercrime. The commonly overlooked cyberthreats CPA firms should understand are:

  • Malware and ransomware. Malware, or “malicious software,” is intrusive software designed to access computers and systems to destroy them. Examples of malware are viruses, worms, Trojan viruses, spyware, adware, and ransomware. Malware-blocking software can detect such an attack and block it automatically. As the name suggests, ransomware is a type of malware, and it continues to be the most significant threat to cybersecurity. It holds a user’s data “hostage” in exchange for some sort of demand, such as money. If they don’t get what they want, cybercriminals can threaten to publish or delete sensitive data. Traditionally, ransomware would aim to gain access to a computer to extract sensitive data. However, ransomware 2.0 has become more clever by interacting with humans directly, for example by presenting a CAPTCHA test that lures an unwitting target into identifying themselves as an actual human. Having a human on the other end lets cyberattackers use tactics that an automated mechanism will not thwart. While a data breach costs CPA firms significant amounts of money, the reputational loss from being unprepared for cyber breaches can be much worse.
  • Phishing schemes. In general, phishing is a tried-and-true method for cybercriminals to hack into companies: emails that appear to be from a reputable source trick the recipient into entering passwords, credit card information, or other sensitive data. Spear-phishing occurs when a threat actor designs and implements a phishing attack specifically targeting a group of people, such as accountants. These attackers are often familiar with a company’s daily operations. Finally, whaling is another kind of spear-phishing, where the attacker targets high-level individuals including, but not limited to, the C-suite and upper management. While your employees are critical for your success, research shows that up to 90% of cyberattacks that succeed are due to human error.
  • Data theft. Cybercriminals also target data, which has huge financial consequences for firms. Between July 2018 and April 2019, each data breach cost firms a global average of $3.92 million, with larger firms experiencing an average cost of $5.11 million, and smaller organization breaches averaging $2.65 million. These costs include investigating the breach and hiring a forensics team to determine its source, deploying incident response teams, tracking down the victims of the breach, and hiring legal and consulting services, in addition to the revenue lost because of the breach.

The most effective way to avoid cyberthreats is prevention. In other blog posts, we’ve discussed how effective employee training is a critical step in preventing security breaches. The cost to train employees can be less than 1 percent of the average cost of a data breach. Another key prevention method is for your firm to implement cyber risk management practices, known as System and Organization Controls for Cybersecurity.

Opportunities to Innovate Cyber Risk Management

Although cyberthreats pose great harm to firms, they also open up opportunities to innovate in cybersecurity. Specifically, companies can explore opportunities to enhance their cyber risk management. The new cybersecurity risk management framework creates opportunities for CPAs to showcase their cybersecurity risk management program to investors and clients; create new CPA consulting engagements with clients to provide this service; conduct “readiness assessments” to help clients understand their cybersecurity weaknesses and how to mitigate them; and perform a System and Organization Controls for Cybersecurity (SOC-C) to evaluate the client's cybersecurity risk management program. CPA firms should consider switching to a company that offers SaaS platforms/cloud-based solutions.

The SOC-C includes two types of tests: a nonattest consulting engagement and an examination of the design and operating effectiveness of cybersecurity controls. A SaaS or cloud-based platform runs on the provider’s servers and is accessed over the internet. The service provider is responsible for the security, performance, and maintenance of the platform, thereby easing the burden on in-house IT departments. The cloud-based platform can offer an on-demand package of servers, robust cybersecurity measures, storage, databases, networking, and more. These cloud-based providers can also update your software and hardware on demand or as needed.

Long-Term Solutions Provided by Cetrom

Fortunately, Cetrom provides long-term solutions to the cybersecurity threats that CPAs face, including SOC-C risk management options. Cetrom is 100% focused on CPA firms and specializes in hosting accounting-specific applications. Our company invests heavily in the best-of-breed and most advanced AI security technologies on the market to help keep our clients up and running around the clock. We also offer cybersecurity training and best practices to keep your staff informed on evolving cyber threats and tactics. Cetrom’s cloud-based cybersecurity platforms can also be specifically designed to meet the needs of your CPA firm. We offer 24/7 customer support services as well, should a breach happen. Cetrom prides itself on being the best in the business, which includes being periodically and annually audited and verified to ensure our cloud-based security surpasses industry standards. We also hold several industry certifications such as Microsoft Gold Competencies, SSAE 16, FIPS 140, SOC Type 2, and HIPAA compliance.

CPA C-suite executives who are concerned about their firm’s ability to handle and adapt to current cyber threats should look to Cetrom for a consultation. When considering an upgrade to a cloud-based solution, C-suite executives should first be aware of the gaps in their current security systems. Cetrom can help identify gaps in your cybersecurity systems. Additionally, the technicians who carry out this cybersecurity upgrade should be responsible for making sure the technology works, ensuring uptime, and improving systems. They should always be looking for ways to improve systems and increase production. Cetrom can provide these services for CPA firms as well as training for employees and technicians.