Are You Taking Cyber Security Seriously Enough as a CPA?

Accountants aren't IT professionals, let alone Infosec experts, but you are in the business of managing risk and handling sensitive information, and you do play a central role in many clients' risk management and financial planning. Those reasons alone are enough to make an emphasis on cyber security important for CPAs, but they are hardly the only reasons to focus on it. In addition to the peace of mind you get for yourself and your clients, a robust approach to security online and in your internal networks means a better understanding of the return various options provide on your investment. That, in turn, allows you to better advise clients who are putting their operations at risk by under-investing in this area, the same way you would advise them to follow up on their insurance coverage after a major change to their operations. This role as a financial sounding board and informational resource might be informal in some cases, but in many cases it is exactly why a client hires your services instead of a basic bookkeeper.

Global Risks for Businesses

In addition to your efforts to put the right security tools into place, you'll also need to develop processes for staying informed of developments in cyber security to stay ahead of developing threats. That is easy in an age when you can choose industry digests aimed at various professional roles, and many professional organizations offer starting resources for members. Since these organizations also serve as platforms for professional publications, it's a great bolster to your reputation if you can submit any new analysis or observation on this front to The United CPA Association as you develop your approach, as well as a good place to look for similar reports from other CPAs working on this issue. General risks for businesses in every sector have also been identified in the World Economic Forum's Global Risk Report for businesses, and it is a good idea for every professional to understand it, whether they own a company or work for someone else's.
The report is over 70 pages every year, but it is essential reading if you're taking security seriously. If you understand the role of developing data and innovation in areas like marketing, it shouldn't be too hard to see how the evolution of new technologies and ways of using them impacts your ability to secure your financial information and that of your customers. It is a great way to match your developing needs to the products you use to manage your risks, and it can also help you understand the recommendations you get from outside consultants if you hire them to manage your exposure online.

Law Enforcement Resources for Risk Management

Online tools for cyber security are a great way to protect yourself from network invasions and other forms of unauthorized access, but social engineering and other backdoor methods of gaining access to legitimate credentials for abuse are also a major risk. The FBI's resources for businesses provide training tools for companies looking to lower the risk of employees succumbing to phishing operations and other scams designed to provide criminals with access to the information they need to breach a system. These common-sense changes to the way you do business can help you and your clients, and they are easy to adopt when you know what they are. Law enforcement resources represent a free opportunity to gather important intelligence you can use, and that lets you look for the services you need to outsource with a better sense of how they fit into an overall security plan. They'll also help you make better decisions about which ones you can handle in-house.

Reporting Crimes and Attempted Scams

If you ever encounter a breach of your security, you need a method of reporting it, and the FBI has established channels for that as well. It's called the Internet Crime Complaint Center, and it is vital if you're a victim of an incursion, because it helps initiate the investigations that can hold the criminals accountable. That is a vital step in the process of handling potential damages. Even unsuccessful breaches are criminal acts, so it's worth the time to build policies that encourage your information security staff and contractors to report every incident. Those reports can help the FBI take down bad actors before they have a chance to refine their approach well enough to slip past your defenses.

Securing Remote Services

In 2019, most companies have a handle on the basics like email spam filtering, but educating your workforce about scams that might slip through is an important step. So is securing your service when customers communicate with you remotely. Consider your options carefully whenever you offer cloud-based services like access to real-time financial records because the contractors you work with will have a huge impact on the quality of the service you provide as well as its security. The only way for you to take security seriously is to work with vendors who do the same. The good news is, if your services are built on top of another API, you can secure them with your own team at the point of delivery to customers, providing you with a way to get even better control over your online security when you work with customers at a distance.
• Take charge of risk assessment on a day to day basis
• Let professionals bring you a comprehensive, evolving security plan
• Consider which services are necessary and which can be trimmed to reduce points of vulnerability
• Combine insurance and security investments for comprehensive risk management

Security and Insurance for Comprehensive Risk Management

Your liability expands as your exposure does, so the more you offer your clients online, the more important it is to have the right approach to protecting your information and that of your clients. That's why it's important to consider the insurance options that will help you have fallback protection should your security fail in ways that expose you to liability. That way, you will be able to protect yourself professionally if your business runs into bad actors who are ahead of the curve.

1 people are following this post.