The AICPA is participating in National Cybersecurity Awareness Month with a series of blog posts to help CPAs understand the role they can play in addressing cybersecurity issues. This is our first post in this series.

October is National Cybersecurity Awareness Month, but fighting cybercrime is a year-round battle. As experienced keepers of confidential information, CPAs are uniquely positioned to support cybersecurity initiatives for their firms, clients, or employers. But cybersecurity is costly, and budgets are always limited, especially in the public and not-for-profit sectors. Consider these five simple steps CPAs can take to help protect data without breaking the bank.

1. Know email scams and warn others. People are increasingly the weak link in organizations’ cyber armor. You know not to give your checking account info to an unknown foreign government dignitary. But what if you get an email from your CEO instructing you to wire funds for a deal that you know is about to close? This scenario was all too real last year for a finance employee who was tricked into wiring $730,000 to a bank in China, according to an FBI report. Since the FBI started tracking business e-mail scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that were targeted. Total losses exceeded $740 million.

The interconnected digital world has been referred to as the wild, wild West. Hackers are eagerly looking to exploit the weakest line of code in mobile devices, applications and operating systems. And those are just a few of the types of technology at risk in today’s environment.

You’ve probably heard the old adage, “you don’t bring a knife to a gun fight.” Cybersecurity is no exception. In a cyber “gunfight,” only the most prepared organizations can survive a security breach. To assist organizations in preparing for cyber incidents, the Department of Justice’s (DOJ) Cybersecurity Unit released Best Practices for Victim Response and Reporting of Cyber Incidents, out lining steps to take before, during and after a cyber attack or network breach. 

The DOJ document provides best practices and indicates that organizations connected to the Web should evaluate cybersecurity readiness by preparing prior to, in response to and for recovery from an intrusion.  

Open the newspaper, and you’ll find no shortage of stories about sensitive corporate information getting into the wrong hands. How can you ensure this doesn’t happen to your organization? Solid IT policies and procedures. They are critical components of an organization’s umbrella IT strategic plan and are designed to prevent serious operational problems. In general, security policy and procedures include assessing your organization’s assets and holdings, evaluating them against threats or risks for exposure and having the right tools and techniques in place to manage those threats and risks.

What was technology like 25 years ago? In 1989, when the AICPA conducted its very first Top Technology Initiatives survey (TTI), the most popular technologies discussed were the spreadsheet and, of course, something called the Internet.

It’s 2015; dial-up is a relic and cloud-based alternatives to physical backups are much more common. Today’s technologies thrive on a 24-hour, cloud environment that enables cross-platform collaboration.

The 25^th anniversary North American TTI Survey conducted in 2014 expounded on this trend in the profession and broke down the top IT priorities in the United States and Canada, with more than 3,000 CPAs and chartered accountants weighing in on the most pressing issues affecting their delivery of service in firms, and in business and industry.

Here is a list of the top 10 U.S. initiatives ranked by priority. I will elaborate on the top IT concern below.

Organizations must focus on their core business – and that often means hiring vendors and service providers to perform tasks which fall outside of that core.  A prime example of this is upgrading your organization’s information technology structure.  While you may know exactly what you want and how to go about getting it done, chances are that most CPAs lack the time or staff to make that goal a reality – without some outside help.

Managing vendors and service providers ranked among the top ten technology initiatives in both the U.S. and Canada according to the AICPA's 2013 North America Top Technology Initiatives Survey Results. Although overall confidence levels have declined, the survey showed some interesting differences between how public accounting firms and those in business and industry in both countries ranked the issue. In the U.S., public accounting firms rated the issue of managing vendors and service providers as the eighth most important; however business and industry organizations rated it tenth. 

It is likely that we have all been told to get our heads out of the clouds at one point in our lives. However, emerging technologies are now forcing us to get our heads into the “cloud” and our hands on our mobile data.

Mobile computing, remote computing, social media, big data and cloud computing have enabled CPAs and others to access, use and manage information most anywhere, at any time.  

While these technologies are expected to drive 90% of the growth of the IT market from 2013 through 2020, determining out how to best leverage them is a hot issue for the accounting profession. In fact, the issue of leveraging emerging technologies ranked among the top ten technology initiatives in both the U.S. and Canada according to the AICPA's 2013 North America Top Technology Initiatives Survey results. 

Every organization wants to get the most out of its IT initiatives – without spending more than is needed or realizing that you have not spent enough to get the job done until it is too late. The key to achieving this depends on how your organization governs and manages its IT investment and spending – and having effective policies and procedures in place can help you to do just that.

The issue of governing and managing IT investment and spending was one of the top 10 technology initiatives in the AICPA’s 2013 North America Top Technology Initiatives Survey results, which was conducted jointly with the Chartered Professional Accountants of Canada. Governing and managing IT investment and spending ranked eighth in the top ten technology initiatives in the U.S. and was the fifth biggest concern in Canada. However, only 38% of survey respondents in both countries felt confident or highly confident in the ability of their clients’ organizations or their organizations to address this technology initiative.  So, how can you elevate those confidence levels?  By determining how to effectively maximize your IT ROI.

In order to make the right decisions, you have to have the right information. While that statement seems overly simple, the truth is that many organizations often rely upon the wrong information when making important strategic decisions. The issue of Enabling Decision Support and Analytics was one of the top ten technology initiatives reported by the 2013 North America Top Technology Initiatives Survey, a joint effort between the AICPA’s Information Management & Technology Assurance Division and the Chartered Professional Accountants of Canada.

Sometimes having the right information to make the right decisions does not happen when an organization's information architecture does not support effective reporting or management has not supported an investment in business intelligence-related projects. As a result, management may receive inaccurate or incomplete reports and may be at greater risk of making poorly informed business decisions. The issue of enabling decision support and analytics is a concern for many organizations as better technology can provide more data in less time than ever before.