|Information Security Continues to Be Vital for CPAs in Public Accounting, Business and Industry
Consider the following: an employee within your organization receives an email from a co-worker and, since the sender is on the employee’s “trusted list”, she clicks on a link within the email. She assumes the link is secure, but instead, she accidently releases a virus into the organization’s server and compromises confidential data for the entire firm.
This example of the limits of anti-virus software and the unknowns of human behavior, demonstrates the importance of information security as it continues to be a top concern for businesses around the world. As technologies in the business world continue to advance, threats from cyber hackers and thieves continue to evolve at an equal or greater rate, jeopardizing a corporation’s ability to safeguard intellectual property and maintain data security.
According to the AICPA’s annual Top Technology Initiatives Survey, Information Security Management is the most important initiative affecting IT strategy, investment and implementation in business organizations, and has been the top IT initiative for the last 7 years. Additionally, rounding out the top three technology initiatives in the survey are Privacy Management and Secure File Storage Transmission and Exchange, which both are related to strategies that safeguard an organization’s information assets.
With the increased pressure on companies to comply with security standards, most businesses try to maintain a competitive edge by keeping certain security initiatives at the forefront of their plans. First and foremost is the ability to send confidential files within a secure environment. Around the globe, millions of emails are sent every second. Employees may send emails with client or organization proprietary information without thinking twice, which can cause a potential threat to the client or organization. Regardless of the size of the firm, or the types of files being sent through cyberspace, there remains a constant need to place locks, encryption and other security measures on these electronic files. Companies should consider investing in a secure file exchange network using hosted services. This gives the organization and its staff greater protection against data exploitation when files are sent internally and externally.
With the high-end awareness of data security in the marketplace, escalations in non-compliance are becoming more frequent. The ability for staff to mobilize, utilizing laptops and handheld devices when working away from the office, also contributes to the heightened need for security. Focusing on security reduces scrutiny on an organization’s internal controls and allows its goodwill to remain in tact.
As companies are taking appropriate security measures at an increased rate, the processes become evermore complicated by the human element that the use of mobile devices introduces. While businesses are excited to capitalize on mobility by giving their employees newfound flexibility and freedom, this also poses a serious security threat if any mobile devices are lost. Most people forget to erase files on their electronic devices when they trade them in for a newer version or leave the organization, providing a logical argument for employing data encryption. Whether data resides on laptops, thumb drives, blackberries or any other electronic storage device, the most pressing question facing companies trying to protect their information is how to make the data unreadable if it falls into the wrong hands. A measure some companies have taken is to implement a software product which enables employees to secure and encrypt all of their sensitive data. When encrypted data gets in the hands of a thief, the information becomes scrambled, accessible only by a specific pass code. By utilizing data encryption software and policies surrounding its usage, companies can provide some degree of protection.
Fundamentally, a CPA must understand and be knowledgeable about the most pressing security initiatives affecting the profession, be aware of specific solutions to combat these threats and successfully implement best practices for deploying the necessary security measures that protect clients, firms and organizations in general. CPAs can help with the implementation of these new technologies into a business by consulting with clients to determine critical business decisions such as creating internal controls and meeting industry standard regulations. Additionally, CPAs play a role in designing systems for managing sales, adjusting manufacturing and administrative procedures, and establishing timetables for technology upgrades—all of which play a vital role in protecting a corporation’s financial, fixed and intangible assets. Additionally, when CPAs continue to enhance their education in technology initiatives, they become a more valuable asset to their organization and open the door for career growth and opportunities in today’s world of emerging technology.
When it comes to the employee, or the end-user, knowledge is power and security. The need for training and competency in today’s age of technology is matched only by an organization’s responsibility to protect its confidential information. The more knowledgeable employees are about their computers, the better prepared they will be when a threat does come along. “Training is the single best way to capitalize on assets and gain the most value from already existing resources”, said David Cieslak, former Chair of the AICPA Information Technology Executive Committee (ITEC), and current Principal of Arxis Technology, Inc. Training addresses one of the most vital elements to keeping information secure: the human element. No matter how many security measures are put into place, human errors play a crucial role in deciding how well an organization can protect its assets.
Safeguarding intellectual property and maintaining data security requires technological expertise and the ability to adapt to the ever-changing electronic communications of the business world. Utilizing protective measures such as securing confidential files, data encryption, and other basic initiatives such as employee training and even locking equipment with sensitive information, can all play a role in safeguarding an organization’s data. CPAs play an essential role in synergizing business initiatives with the information security needs of an organization. “CPAs have a unique vantage point. They understand the sensitivity of the information and can play a fundamental role in identifying and deploying the appropriate procedures to protect sensitive information,” said Mr. Cieslak. As businesses continue to grow with emerging technologies, and the threats from cyber thieves remain ever vigilant, CPAs will always be on the front lines to protect the assets of organizations everywhere.
Visit the Top Technology Initiatives page for more information on AICPA’s annual Top Technology Initiatives Survey and the other technologies on the list.