15 posts categorized "Cybersecurity"

It’s Time to Speak the Same Language on Cybersecurity

Recent massive ransomware attacks on organizations around the world demonstrate how disruptive—and in some cases destructive—cyberattacks can be. The “WannaCry” malware incident is just the latest alarm on the ever-urgent call for companies to immediately address and manage their cybersecurity risks. Every organization is susceptible to cyber assaults, making a clearly defined, flexible and robust risk management program essential to a business’s ongoing success.

Addressing an Increasing Market Need

With cyberattacks on the rise, organizations are not only reinforcing their ability to prevent attacks, but also taking steps to demonstrate that they are doing all they can to detect, respond to, mitigate and recover from attacks on a timely basis. Customers, investors, boards of directors and even government officials want to know more about what companies are doing to address cybersecurity.

Continue reading "It’s Time to Speak the Same Language on Cybersecurity" »

5 Emerging Services Set to Transform the Accounting Profession

What’s on the horizon? How are changes in the business marketplace creating new opportunities for the accounting profession? What are the implications of up-and-coming technologies like blockchain? These, among a host of other emerging trends, were discussed recently at the AICPA’s Assurance Services Executive Committee (ASEC) meeting. The committee, composed of the profession’s leaders in assurance and advisory services, engaged in an insightful discussion about issues that are gaining traction internationally and in the United States.

In addition to discussing ideas for potential future projects, the committee also spoke about the projects they have currently underway that facilitate new opportunities for practitioners to provide value-added services to clients. These include five emerging service opportunities:

Continue reading "5 Emerging Services Set to Transform the Accounting Profession" »

5 Data Backup Gaps and How to Fix Them

March 31 is World Backup Day. Why March 31? Because you don’t want to be an April fool, according to World Backup Day’s organizers.

Human error, equipment failure and theft are just a few ways your organization could be at risk of data loss. Today, no firm or company can afford to be without a cybersecurity risk management program. If you’re like most CPAs, this is not news to you. In fact, if you’re somewhat of a data backup fanatic, you might already be paying for secure offsite storage of paper files as well as digital backups. Still, experts say even the most diligent often have gaps in their backup practices. Let’s look at some of the most common considerations and how to address them.

  1. Do you know exactly how to retrieve your backups? For starters, knowing the person in your office who you think knows how to retrieve your backups doesn’t count. Knowing the name of one of your cloud backup vendors is not enough. Retrieval is an often underdeveloped but equally important aspect of backup planning (see #5 below). Unfortunately, there’s no single, all-encompassing solution for backing up your systems. Even in a small firm, you’ll likely need three or four different backup systems. Tax preparation, bookkeeping and auditing software packages often have integrated, cloud-based backup options. There’s the information on your office network and server(s)—here you can choose a cloud-based solution or an onsite backup system that updates each night. Then you have your desktop and laptop PCs. And, finally, you have smart phones, tablets, watches, etc. Organize your retrieval information for ALL systems and test it—like a fire drill. If your test goes off without a hitch, you can skip the rest of this post.

Continue reading "5 Data Backup Gaps and How to Fix Them" »

7 Benefits of Cybersecurity Penetration Testing

Security breaches are prevalent in today’s business environment and reports indicate that these threats are not going away any time soon. As a result, organizations need to take steps to safeguard their confidential data and other sensitive information. Smaller-sized organizations like small businesses and not-for-profit entities are particularly vulnerable. A recent study by Symantec found that 43 percent of phishing campaigns affected small businesses in 2016, a significant uptick compared to 2011 when just 18 percent of attacks targeted small businesses.

Even organizations with limited resources have affordable and effective options for protecting valuable data. I recommend penetration testing, a type of cybersecurity vulnerability assessment, to my clients working in the not-for-profit sector. Many of my not-for-profit clients feel compelled to conduct cybersecurity penetration testing when they consider how accepting online donations may create vulnerabilities not only for themselves but also for their donors. Potential donors may feel more comfortable donating online once they hear that the organization has safeguards in place to protect their information. Penetration testing is performed by an outside third party and can be tailored to the needs or concerns of the organization.

Continue reading "7 Benefits of Cybersecurity Penetration Testing" »

3 Steps to Mitigate and Respond to a Security Breach in the Cloud

The AICPA is participating in National Cybersecurity Awareness Month with a series of blog posts to help CPAs understand the role they can play in addressing cybersecurity issues. This is our second post in this series. Our first post discussed low- and no-cost ways to protect data.

Much like their counterparts who run growing companies in virtually every industry, many accounting firm executives have their heads in the cloud. They have implemented, or are considering, cloud computing options for everything from data storage and networking to task automation and product delivery. Some firm executives see an additional opportunity: offering consulting services to help clients understand and use the cloud.

It’s clear that cloud computing provides proven advantages over on-premises options, such as savings, convenience and flexibility. However, the cloud also presents some unique challenges, including often complex deployment options, operational issues and substantial security concerns. Below you’ll find three steps to take to address cloud computing security.

Step One: Know the Risks

The first way to mitigate a security breach is to understand and prioritize the risks related to using cloud services. For accounting firms and their clients that use a cloud service provider (CSP), cloud-based solutions present the same risks as traditional information security, plus the risks associated with managing and governing a third-party service provider.

Continue reading "3 Steps to Mitigate and Respond to a Security Breach in the Cloud" »

5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals

The AICPA is participating in National Cybersecurity Awareness Month with a series of blog posts to help CPAs understand the role they can play in addressing cybersecurity issues. This is our first post in this series.

October is National Cybersecurity Awareness Month, but fighting cybercrime is a year-round battle. As experienced keepers of confidential information, CPAs are uniquely positioned to support cybersecurity initiatives for their firms, clients, or employers. But cybersecurity is costly, and budgets are always limited, especially in the public and not-for-profit sectors. Consider these five simple steps CPAs can take to help protect data without breaking the bank.

  1. Know email scams and warn others. People are increasingly the weak link in organizations’ cyber armor. You know not to give your checking account info to an unknown foreign government dignitary. But what if you get an email from your CEO instructing you to wire funds for a deal that you know is about to close? This scenario was all too real last year for a finance employee who was tricked into wiring $730,000 to a bank in China, according to an FBI report. Since the FBI started tracking business e-mail scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that were targeted. Total losses exceeded $740 million.

Continue reading "5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals" »

Introducing a New Framework for Reporting on Cybersecurity Risk Management

The list of companies is growing. Businesses, organizations and governmental entities have suffered damaging publicity—and faced lawsuits—due to data breaches, forcing them to make cybersecurity a priority. It’s not surprising to hear, then, that 95% of CGMA designation holders said their companies were concerned about cyberattacks, according to an AICPA survey. Organizations and their stakeholders are not only seeking ways to address current and potential threats but also to gain assurance and communicate about the efficacy of their own efforts to identify and manage the potential effects of cybersecurity risks.

Stepping up to help our fellow CPAs meet businesses’ and clients’ needs, the AICPA is proposing a way for businesses to demonstrate due care and build stakeholder confidence in their cybersecurity risk management efforts. The Cybersecurity Working Group of the AICPA’s Assurance Services Executive Committee (ASEC), in collaboration with the AICPA’s Auditing Standards Board, is developing criteria and guidance that companies can use to communicate, and we can use to report on entity cybersecurity risk management efforts.

Continue reading "Introducing a New Framework for Reporting on Cybersecurity Risk Management " »

Seizing Opportunity Like a Rapping Founding Father

When hip hop music first became popular, very few people would have thought that the music could be a great way to tell the story of America’s Founding Fathers. Yet, the wildly popular Broadway musical “Hamilton,” which won 11 Tony Awards, merges the historical narrative of the nation's first Secretary of the Treasury with hip hop music and lyrics, and proves that it’s possible to successfully create something fresh by offering a new take on a familiar subject.

Alexander Hamilton, the man whose life inspired the musical, started his career as an accounting clerk in the West Indies, then went to colonial America, where he would eventually lay the groundwork for the United States financial system. The musical came to life because Lin-Manuel Miranda, its creator and the man who originated the role of Hamilton, saw an opportunity and seized it by utilizing his musical talents to tell a 240-year-old story and delight unsuspecting audiences.

What does that have to do with CPAs? A lot, actually. Every day, CPAs use their knowledge and talents to meet a wide spectrum of client needs, often in ways that weren’t initially envisioned 50 or 20 or even five years ago. If you’d like to set the stage for new options in your career or practice, here are several opportunities that mesh well with CPAs’ core competencies and experience.   

Continue reading "Seizing Opportunity Like a Rapping Founding Father" »

Are You Cybersecurity Ready?


The interconnected digital world has been referred to as the wild, wild West. Hackers are eagerly looking to exploit the weakest line of code in mobile devices, applications and operating systems. And those are just a few of the types of technology at risk in today’s environment.

You’ve probably heard the old adage, “you don’t bring a knife to a gun fight.” Cybersecurity is no exception. In a cyber “gunfight,” only the most prepared organizations can survive a security breach. To assist organizations in preparing for cyber incidents, the Department of Justice’s (DOJ) Cybersecurity Unit released Best Practices for Victim Response and Reporting of Cyber Incidents, outlining steps to take before, during and after a cyber attack or network breach.

The DOJ document provides best practices and indicates that organizations connected to the Web should evaluate cybersecurity readiness by preparing prior to, in response to and for recovery from an intrusion.  

Continue reading "Are You Cybersecurity Ready?" »

4 Cybersecurity Pitfalls to Avoid

You might break out in a cold sweat at just the thought of criminals on the other side of the world stealing your clients’ or customers’ account information. After all, if some of the largest corporations and agencies of the federal government can’t prevent their systems from being breached, what can a Main Street CPA firm or medium-sized business possibly do against such a threat?

The reality is that, as a CPA, you can probably do more than you think. At a minimum, as a trusted business adviser, you should help your clients or employer avoid these common pitfalls:

  1. Classifying cybersecurity as an IT issue. Although IT has a support role involving intrusion detection and prevention, cybersecurity involves much more than IT. Today’s hackers increasingly focus their attacks on human rather than technical vulnerabilities. Cybersecurity is an enterprise risk management (ERM) issue. With some specialized training, CPAs are uniquely qualified to systematically assess and report on cybersecurity risks and implement controls to mitigate those risks.

Continue reading "4 Cybersecurity Pitfalls to Avoid" »

Answers to 5 Common Cloud Questions for Not-for-Profits


With cybersecurity in recent news headlines, more clients are coming to us for advice on accounting software solutions. Cloud systems, especially, have increased in popularity among businesses in the private sector and not-for-profits alike. Organizations with decentralized operations, or with many remote workers that need access to information, can benefit the most from using a cloud system.

Here are the most common questions we encounter in our practices.

Q: What (and where) is the cloud?

A: When we talk about the cloud, it just refers to a system or application that is hosted somewhere outside of your office—usually accessed over the Internet. The term “cloud” comes from the shape used to represent the Internet on network diagrams. 

Some people may also be familiar with the term Software as a Service (SaaS).  The “as a Service” (aaS) suffix also refers to the cloud. There are several flavors of this: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and more keep coming up as additional services are delivered via the cloud.

Another term also often associated with the cloud is “hosted solutions.” This can be software, servers, or even desktop services. Unlike the “as a Service” model, which would be considered “pure” cloud and accessible directly from the Internet in a web browser, hosted solutions usually require a VPN network connection or specially configured client software to access.  However, for most intents and purposes, we can consider hosted solutions as part of the “cloud.”

Continue reading "Answers to 5 Common Cloud Questions for Not-for-Profits" »

Update on Taxes and Terrorism: Why Clients’ Data Could Become Vulnerable

Since this article was initially published in December 2015, the FBI has attempted to compel Apple, Inc. to defeat its own encryption for the purposes of accessing the information on the iPhone of Syed Rizwan Farook, perpetrator of the mass shootings in San Bernardino in December of last year. Apple has thus far refused to obey a federal court order to provide access to the phone, based in part on a First Amendment argument that code-writing constitutes free speech. A federal court in California will hear arguments on March 22, but promises from both the Justice Department and Apple, Inc. to appeal any decision against their respective cases mean the dispute is unlikely to conclude at that time. The case is certain to have far-reaching implications for the nature of digital security both here in the United States and abroad.

Continue reading "Update on Taxes and Terrorism: Why Clients’ Data Could Become Vulnerable" »

5 Cybersecurity Precautions for Small CPA Firms

With busy season off to another running start, it’s important to remember that cyber attackers are busy too. With readily monetizable information on hand that can be sold easily on the black market, your practice is an especially attractive target for attackers.

Frequent news reports of breaches at large organizations and government entities might lead you to believe you don’t stand a chance if targeted. Fortunately, this is not the case. The following basic precautions can significantly reduce your risk and mitigate damage if you experience a cybersecurity incident.

  1. Locate, classify and separate information by risk level. The highest risk information for most firms is going to be financial account information such as bank routing and account numbers, credit and debit card numbers, and usernames and passwords for online account access. This information should be protected with a high level of security and stored separately from other client records. Because industry safeguards typically require names of authorized users, billing addresses, employer identification numbers and Social Security numbers to gain access to accounts, a system that stores information used to authenticate account numbers separately from the numbers themselves can mitigate losses should a security breach occur.

Continue reading "5 Cybersecurity Precautions for Small CPA Firms" »

CPAs Well-Positioned to Help Manage Cybersecurity Risk

Cybersecurity is becoming a critical issue as consumers increasingly entrust their most confidential information – including Social Security numbers, tax identification numbers and financial information – to companies that store this data electronically. As companies look for third-party assessment and verification of their cybersecurity risk management program, CPAs are well-positioned to provide these services – and the more comprehensive definition of attest that many states have adopted ensures that only CPAs can provide cybersecurity attest services in accordance with the AICPA’s high standards.

Attest services are those services that are limited to licensed CPAs and can only be performed by licensees through CPA firms. They include audits, reviews of financial statements and examinations of prospective financial information.

Continue reading "CPAs Well-Positioned to Help Manage Cybersecurity Risk " »

Are You Prepared for a Cybersecurity Attack?

Is your firm or organization prepared to respond to a cybersecurity attack? What about your clients? A cybersecurity breach could occur at any time. No organization is too small to come under attack, so it is best to be prepared. When a breach occurs, companies without a plan may waste valuable time trying to organize a core team and put a strategy in place. Below are steps that you should consider as you develop a cybersecurity response plan.

Continue reading "Are You Prepared for a Cybersecurity Attack?" »
