July 26, 2016

Cetrom in CPA Practice Advisor: The War On IT: Ransomware and How Accounting Firms Are At Risk

This article originally appeared on CPAPracticeAdvisor.com here. By Christopher Stark, President and CEO, Cetrom On Jul 26, 2016.

In this day in age, CPA firms need to be just as aware of cybersecurity threats as they are filing deadlines and tax guidelines. One of the most vicious cyber threats in history is affecting small businesses, individuals and accounting firms right now- ransomware.

Ransomware is a type of malicious software that encrypts files, blocks access to computer systems then requires an anonymous payment, and has the ability to make a dramatic and devastating impact on your business. A recent report released by the FBI claims ransomware infections caused more than $1.6 million in losses last year for individuals and businesses- an absolute pandemic, as stated by TechTarget.

It only takes one click of a mouse for your firm to quickly become infected with ransomware. Often times, it occurs when staff opens attachments within emails. These emails may appear to contain important client data or a shipping confirmation, but it is just disguised malware. Microsoft Malware Protection Center notes your firm’s infrastructure can also become exposed to ransomware when employees access fake or suspicious websites.

Keeping your data and applications safe and secure from ransomware attacks, while increasing your clients’ awareness of malicious software, requires collaboration with your internal IT department and/or managed IT provider There are three things you can do to better protect your firm and clients: examine your current IT infrastructure, update security measures, and educate your staff and clients.

  1. Examine Current IT Infrastructure: Your firm stores and accesses client information on a daily basis, so you must make sure this critical information is kept safe. To ensure client files are protected, your firm should perform a security audit to identify vulnerabilities in your organization’s IT infrastructure. The New Jersey Society of Certified Accountants (NJCPA) recommends partnering with a third-party security firm to conduct a Vulnerability Assessment or Penetration Test at least once each year. The results from the security audit can help your firm establish a plan to close any security gaps that make your organization vulnerable to ransomware.In addition, you should review and test your disaster recovery and business continuity plans each time your IT environment changes. In the event of a ransomware attack, these plans are invaluable. IT Business Edge notes disaster recovery plans can help your firm get systems back up and running after a cybersecurity attack. The same article also advises that business continuity plans enable staff to remain productive while cybersecurity issues are being resolved.
  2. Update Security Measures: When ransomware infects an organization’s IT infrastructure, it can restrict access to critical information stored within the computer system. Because of this, it is important for your CPA firm to be proactive in updating security measures. Your firm’s data backup procedure is a key security measure that should be top of mind. TechAdvisory.org advises that small to mid-size businesses that work with critical client information to perform daily backups. Frequent backups will minimize your organization’s loss of data in the event of a ransomware attack.Along with updating your firm’s data backup procedures, you should also consider where your data backups are being stored when revamping security measures. Many organizations store their backups to on-site servers within their IT infrastructure, making their data vulnerable to ransomware attacks. To ensure your data backups will not be infected by malicious malware, you should consider storing data backups on servers at a secure off-site storage facility. This will allow your organization to restore its IT infrastructure from the most recent backup in the event of a ransomware attack.
  3. Educate Staff and Clients: As mentioned earlier, emails containing suspicious attachments and fake websites can lead to your firm becoming infected with ransomware. To minimize the likelihood of your staff opening these types of emails or websites, collaborate with your internal IT department to develop and implement cybersecurity training courses. Cybersecurity training courses will help educate your staff on the different types of ransomware threats. Once your employees become well-versed on the types of email attachments they should not open and websites they should not access, then they can pass along their knowledge to your clients as advisory services. The American Institute of Certified Public Accountants (AICPA) recommends that firms provide advisory services in which their staff educates clients on their organization’s security measures, potential cybersecurity threats, and steps they can take to ensure their critical information is safe and secure.
Examining your IT infrastructure, updating security measures, and educating staff and clients will help you protect your organization and client base. If your organization’s IT department or IT managed provider is struggling to keep up with the latest cybersecurity threats, a cloud service provider with extensive cybersecurity experience can step in and fill the gap in areas where you feel your firm’s security practices are lacking. Whether you are working with your IT department or consulting a cloud vendor, your firm’s top priority must be keeping your IT infrastructure and your clients’ data safe from any cybersecurity threats, including ransomware.

EDR and MDR - Essential Security Benefits

With the continuing shift to the cloud and increasing cyber-attacks targeting CPA agencies, the cybersecurity landscape is changing in a way that..
March 20,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

News Archives

See all

EDR and MDR - Essential Security Benefits

With the continuing shift to the cloud and increasing cyber-attacks targeting CPA agencies, the cybersecurity landscape is changing in a way that..
March 20,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

News Archives

See all
Is Cetrom Your Cloud Services Solution?