The news reports on cyber security over the past few weeks are enough to any CPA firm yearn for the days of paper file cabinets and adding machine tape. The IRS website is being besieged with attempts to acquire taxpayer data and PINs. Ransomware and cyber extortion (schemes in which a cyber attacker injects malware into a company’s data that encrypts it and restricts access until a ransom is paid) are up 500% year over year in US businesses according to a recent Kaspersky Lab report, which cited a stunning 718,000 ransomware attacks in the 12 months ending in March 2016.
Some of those attacks targeted CPA firms; a July 23 2016 Accounting Today article noted that CPA professional liability insurance carriers are beginning to see ransomware claims from firms and that this danger can only be expected to increase as more and more cyber criminals turn to professional services firms as targets.
In this stormy security environment it is more important than ever for firms to take extreme care with all aspects of their data storage and protection, from selection of cloud based vendors through determination of which data sets to store where and how, through protection of that data via encryption and strong security protocols, according to nationally known IT privacy and security consultant Donny Shimamoto, CPA, CITP, CGMA. Donny is a 5-year recipient of CPA Practice Advisor’s Top 25 Thought Leaders in Public Accounting award and a 2016 recipient of AICPA’s Standing Ovation Award in the Information Technology category, and sees the increase in attacks on CPA firms as a big concern.
“Accounting firms have a treasure trove of social security numbers and banking information on their systems. If a criminal decides to target a firm, that firm better be ready or they could be facing a massive data breach impacting their reputation and resulting in big financial repercussions for the firm and its affected clients” he told us. “We’ve also seen a big increase in cyber-liability insurance and IT risk assessment inquiries this year. Many firms, especially small ones, may not have all of the right policies and procedures in place to qualify for coverage.”