IT Security Key Concern for CPAs and Their Clients
Securing the IT environment is a key issue in today's business world as organizations attempt to manage the risks of cloud computing and mobile device use and to defend against cyber-attacks. The importance of security is becoming more apparent each day. Earlier this year, Yahoo Japan experienced an IT security breach in which the user names of 22 million people were stolen. Back in 2010, Google reported that it was the victim of a Chinese cyber-attack; a similar attack is believed to have been launched against the U.S. government. But it’s not just big businesses and governments that have to fend off cyber-attacks; small businesses experience the same problems. Securing the IT environment is clearly a universal issue and can be a constant challenge when it comes to identifying threats.
CPAs in the U.S. and Canada agree that IT security is a key concern. The issue ranked second in the 2013 North America Top Technology Initiatives Survey – after managing and retaining data. For many, securing the IT environment remains a concern due to the following risks:
- Inadequate security policy. An organization that has not considered all the vulnerabilities and threats related to information technology could be at serious risk – especially when it has an inadequate security policy in place.
- Loss, theft or compromise of a mobile device. The loss, theft or compromise of a mobile device could disrupt an organization’s operations and result in the loss of sensitive or confidential client and customer data.
- Cyber-attack targets. The proliferation of mobile devices connecting to business networks and the increased migration of critical data processing and storage to the cloud have expanded the number of potential targets for cyber-attacks. These attacks increase an organization’s risk of fraud, intellectual property theft, network incapacitation and damage to brands and corporate reputation.
Securing the IT environment begins with a comprehensive risk assessment in which an organization thoroughly considers its information technology vulnerabilities and threats. Then, the organization can implement policies to mitigate those risks, including safeguarding networks and servers from cyber-attack, securing all mobile devices including laptops, tablets and mobile phones from data breaches and ensuring that data will be safe in the event of a cyber-attack or mobile device loss.
Managing the risks for organizations using cloud computing means balancing the value that it offers, such as accessing more computing resources for less money, against risks such as breaches of data privacy, identity and access integrity and system availability.
To help firms and their business clients better understand how to address a security breach, the AICPA Information Management and Technology Assurance Section is presenting a webcast, Cyber Security: You've Been Breached Now What, from 3 to 5 p.m. ET on July 11. The webcast will discuss issues involving a response team, notification to law enforcement, investigation and containment, communication to employees and customers and the cost of an attack.
Jocelyn M. Woodard, Manager IMTA, American Institute of CPAs. Jocelyn is a technology risk and assurance manager assisting AICPA committee and task force members with the planning and implementation of initiatives that will better aid CPAs in understanding and utilizing information management and technology assurance tools and concepts.