Page 140 - Cyber Defense eMagazine April 2023

For firms looking to prevent breaches and safeguard valuable client data, cybersecurity practices must
            be a top priority.



            Significant company impact

            The latest cyberattacks targeted CPAs and tax preparers during a busy tax season, potentially allowing
            hackers to acquire sensitive financial data. A security breach can be extremely detrimental to firms,
            causing irrevocable damage to client trust and a firm’s reputation – not to mention monetary loss.

            Once cybercriminals steal data from a company, the reputational and monetary damage could be
            long-lasting. One popular way for cybercriminals to exploit sensitive data is to demand a high ransom
            payment from the firm and threaten to leak the data if the ransom is not paid. Theft can also lead to a
            loss of intellectual property, impacting a company’s growth, and the loss of current and prospective
            clients.

            As the cybersecurity landscape swiftly changes, cybercriminals are exploiting any weakness they can
            find, so taking the path of least resistance and keeping out-of-date security systems puts firms at
            high risk. On-premises systems are inherently easier to exploit than cloud-based systems, especially when
            firms do not have dedicated time each day to apply security patches and ensure all programs are
            running as they should.



            Protecting your organization


            With trust being a vital component of a CPA-client relationship, cybersecurity must be a critical safeguard
            to protect your clients’ data. Every cyberattack is going to be different, and there is no way to know how
            your clients’ data could be mishandled.

            Less robust cybersecurity systems can be a target for cyberattacks, so it’s important to have an appointed
            Chief Data Protection Officer or a third party dedicated to your cybersecurity. Ensuring that your anti-virus
            software is consistently updated and that multi-factor authentication is implemented to prevent fraudulent
            access is a priority. Another top concern should be digital document storage and how your firm will protect
            data from breaches. This is especially true if you have acquired companies, as extending all cybersecurity
            systems across acquisitions will minimize risk.

            Educating staff about cyber risks on a regular basis is also a key way to keep your organization secure.
            This training should include phishing, personal data protection and cybersecurity best practices.
            Fostering a culture of safe cyber practices will keep employees conscious of cybersecurity best practices.

            Extending this expectation to third-party vendors can be the best opportunity to protect your firm from a
            future breach. Be sure to ask about cybersecurity protocols, data protection measures, functionality,
            integrations and capabilities. A cloud-based SaaS is going to be the best way to ensure the security of
            your data. SaaS providers often have the resources to dedicate time and personnel to ensure system
            security for their clients. It is often hard for firms to exert the same level of security diligence on
            on-premises systems due to resource constraints that inhibit hiring dedicated cybersecurity staff. Turning to



