Six tips to protect your firm against cybercrime
Professional Insights

1 year ago · 4 min read

You wake from a deep sleep to a loud ring on your cell. Bleary-eyed, you scramble for the light and collect your thoughts, looking to see who is calling at this hour. Your colleague, who regularly begins work before the sun rises, exclaims, “John, our servers have been compromised.” Your heart races; you can’t believe what she is saying. “Did I hear you correctly, Sarah, or am I still dreaming?” You heard correctly. You are now a victim of cybercrime. Thankfully, you developed an emergency plan last summer. To avoid further damage, you must move quickly to put your plan into action.

In this hybrid digital age, where work from home and remote locations are commonplace and communicating with all sorts of connected mobile devices is the norm, cybercrime has become a new reality. Cyber criminals are increasingly bold and cagey, using ever-changing strategies to make their way into businesses of all sizes.

To raise awareness of this growing problem and increase online safety, the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS) designated October as Cybersecurity Awareness Month (previously National Cybersecurity Awareness Month). Now in its 18th year, this is the perfect time to examine potential threats and actions that your firm can take to be more secure online.

Cybercrime can no longer be ignored

Each of us, and each of our firms, is at risk of a cyberattack, and the results can be devastating, especially if we are not prepared to act quickly. As a business leader, knowledge and preparedness are your first lines of defense.

  • Ransomware, the fastest growing cybercrime, is expected to attack a business, consumer or device every 2 seconds by 2031, up from 11 seconds in 2021

  • 85% of breaches involved a human element - 36% involved phishing, 11% more than last year

  • 98% of US executives say their organization experienced one or more cyber incidents in the past year

  • 43% of cyber-attacks target small businesses

  • Top cyber threats US executives are most concerned about include:

    • unintended actions of well-meaning employees (28%)

    • ransomware, phishing and malware (27%)

    • third-party and contractor risks or other supply chain deficiencies (20%)

Despite rapidly growing attacks, cybersecurity fell out of the top 10 issues in the recent 2021 PCPS CPA Firm Top Issues Survey (with the exception of firms with 10 or fewer professionals). Looking forward, practices should not lose sight of this critical area. Many could be at risk due to the seemingly overnight move to a remote environment and the rapid shift to a hybrid workforce.

Take control

Rather than work in fear, be purposeful in your actions to foil cyber criminals. While it may not be possible to avoid an attack altogether in this increasingly aggressive space, pre-emptive initiatives and diligence can go a long way to increase online safety for you, your colleagues and your clients.

  • Empower your team to fight cybercrime
    With countless connected devices, including laptops, tablets and cellphones, being used in the office and remotely, any member of your firm can unintentionally open the door to a predator. Cybersecurity Awareness Month’s 2021 theme, Do Your Part. Be Cyber Smart, reminds us how important it is for everyone to be involved in combating cybercrime. Work to bring this mindset into your firm.

    • Engage and empower your entire team to fight cybercrime

    • Talk about potential dangers that each person faces when they are online

    • Challenge them to be the eyes and ears of potential threats, whether they are in the office or working remotely

    Together, you will have a greater chance of success in making your firm more secure.

  • Incorporate cybersecurity into your firm’s culture and training
    Rather than simply making a push during October, make cybersecurity a part of your firm’s regular narrative and agenda throughout the year. Help everyone understand how to fight cybercrime, and encourage cyber-related courses when team members are choosing their CPE, so they can make the good decisions that are essential to creating a cybersmart culture. Provide frequent internal training to address items such as:

    • What is the proper way to access wi-fi or log on to the firm’s network when working from home or in public spaces?

    • How do you identify phishing emails?

    • What is social engineering and how do you detect it?

    • How do you recognize potentially dangerous URL extensions?

    Also consider attending the Digital CPA Conference 2021, December 5-8, online or in Nashville, TN (PCPS members save $200) to gain insights and learn new strategies to fight cybercrime.

  • Identify and strengthen your firm’s most vulnerable areas
    To fight cybercrime, you must identify areas where your firm is most likely to be attacked.

    • Are there software or other online procedures that you implemented hastily during the COVID-19 pandemic that could put the firm at risk?

    • Do you encrypt emails containing sensitive information?

    • Do you have internet-facing links to vendors, third-party providers or suppliers that could cause compromise?

    If you need help identifying and securing your firm’s weak entry points and backdoor routes to sensitive information, reach out to a cybersecurity professional.

  • Get serious about passwords, patches and two-part authentication
    Cybercriminals prey on easy targets. Increasing your protection in these three areas can go a long way to stop a breach in your firm.

    • Create more complex passwords - upper and lower case, numbers, letters and symbols

      • Different passwords for different accounts that change regularly

    • Keep all computers, mobile devices and software updated with the latest patches

      • Encourage team members to turn off devices overnight so they can run automatic updates

    • Add an extra layer of security to all devices with two-part authentication

    Check out the Private Companies Practice Section’s CPA Cybersecurity checklist, exclusively available to PCPS members, for more tips to secure your firm.

  • Plan for an attack
    Breaches and attacks happen when we least expect them: early in the morning, as at Sarah and John’s firm, or during holidays, when most people are not around to notice. Fortunately, in this case, Sarah was there to discover the intrusion and act quickly according to the firm’s plan. To get started with your plan:

    • Outline exactly what to do in case of an attack – include roles and responsibilities

    • Identify who to contact and what messages to communicate

    • Address incident response (information asset protection) and disaster recovery (business continuity)

    • Consider how to respond if you are held for ransom

    To learn more about developing your own plan, visit the Private Companies Practice Section’s Where is your firm in the cybersecurity journey? resource, exclusively available to PCPS members.

  • Consider cyber insurance
    For added coverage, cyber insurance can provide a combination of options to help guard the firm against data breaches, downtime, reputational harm and client loss. You can select cyber insurance as a part of your AICPA Professional Liability Insurance. Don’t forget to ask for the Private Companies Practice Section (PCPS) member discount to receive a 5.5% premium credit of up to $400 for the CPA Value Plan and $600 for the Premier Plan.

In this age of cybercrime, you and your team’s preparedness and diligence will go a long way to make your firm more secure.
