Your CPA firm’s best defense against cyberattacks is consistent and effective cybersecurity training and cyber education. Providing your employees with access to the right cyber tools and resources not only will enhance their professional development, but it will also mitigate against the single biggest threat to your firm’s data integrity: human error and negligence.
It’s a well-established fact in the cybersecurity world that people making honest mistakes and not following security protocols are the biggest security risks for every company, regardless of size and industry.
A recent state of the industry report by Shred-IT surveyed 1,000 small business owners and C-suite executives. Of those surveyed, 47 percent reported that human error was the root cause of the data breaches at their respective companies. Reducing human error risks around cybersecurity is essential to reducing the likelihood that your CPA firm will suffer a data breach. Every CPA firm needs to strive for continual improvement in cybersecurity effectiveness.
Part of data breach risk mitigation is implementing formal training on a regular basis, creating and documenting security procedures, building out an incident response plan, and making sure staff security awareness is as strong as your firm’s technical and software capabilities. Another aspect of cybersecurity preparedness is building a suite of cyber education and online training resources that staff members can utilize on their own, or to enhance your CPA firm’s existing, in-house cybersecurity training programs.
Again, more formal, face-to-face training delivered by internal or third-party experts is a critical part of cyberdefense. Self-directed, online training is an important part of the picture as well.
To enhance your team’s access to cybersecurity training, resources, and educational modules, the team at Cetrom has pulled together a menu of resources that you can share with your IT trainers and staff. Remember, the best defense against hackers and malware are employees that are highly trained and educated in cybersecurity best practices.
Cybersecurity Resources for Continual Education and Training
This 30-minute, self-directed cybersecurity course provides the basics to new staff members or a refresher to veteran team members.
Google’s blog provides a steady stream of security tips and insights on a wide range of topics, tailored to the layman. This is a great resource for your staff to learn the basics or to dig deeper for more detail.
SANS Information Security Resource Page
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. Its security resource page is a treasure trove of cybersecurity information from the basic to the most complex.
The Department of Homeland Security
The Department of Homeland Security (DHS) offers a comprehensive array of free cybersecurity resources and training opportunities.
By creating a free account, a staff member or designated teams get access to a vast library of cybersecurity training resources across all levels of skill and depth.
Future Learn offers a great, free introductory online course called “Introduction to Cybersecurity” that can get any staff member up to speed on how to protect the company’s data by implementing a few basic best practices.
Well, the website is not pretty looking, but the educational training modules provided by Open Security Training are effective and informative. This free cybersecurity resource is worth checking out or sharing with your staff for professional development and cyber awareness training.
Normally known as an academic online tool, Khan Academy has partnered with Nova Labs to create useful cybersecurity materials for beginners. For staff members that are visual learners, these short videos, accompanying quizzes and a glossary of terms can be very useful.
Registration is required for this free cyber training module that is video-based. IT leaders and IT staff can also download customizable templates to tailor in-house training sessions to company-specific needs.
The Information Security Forum
This independent, non-profit organization provides a comprehensive menu of cyber training and educational resources for every level of experience.
Providing impactful, continual cybersecurity training is an essential part of protecting your CPA firm’s data. It is only one part, however. Cybersecurity must be owned by the entire enterprise and approached holistically. No company can be completely safe from hackers and breaches, but by applying a holistic, regimented approach to cybersecurity, the risk of a breach that devastates your CPA firm will be significantly reduced.
“What we should actually be doing is thinking about what are our key controls that will mitigate the risks. How do we have those funneled and controlled through the team that we have, how do we work through that in a well-formatted, formulated process and pay attention to those controls we have chosen? Not a continual, add more, add more, add more,” stated Dr. Chris Pierson, CEO, Binary Sun Cyber Risk Advisors at SecureWorld Charlotte.
The keys to effective cybersecurity at your CPA firm is achieving the right mix of process with a strong, resilient, and committed cybersecurity culture at all levels of your company.
