How Security Savvy Is Your Firm?

By Jim Boomer, CEO, Boomer Consulting, Inc. - November 4, 2016

Security continues to be a top priority for firms today. Clients trust CPAs with some of their most sensitive data, and it’s our responsibility to do everything possible to protect it.

While most wish there were a magic bullet that would guarantee 100 percent security and keep the bad guys out, the reality of today’s environment makes that notion unrealistic. The fact remains that even if we do everything possible to try to eliminate security risk, we are only as strong as the savviness of our people.

Security Starts on the Front Lines

Whether it’s securing a perimeter in a war zone or an accounting firm, the strength of defense is only as robust as the front lines. In your firm, the front line is your people who are handling sensitive client data on a daily basis. An informed and diligent workforce is your best protection against an attack.

Have you invested in the proper amount of training to make sure they are prepared for that responsibility? Are they skeptical of suspicious-looking links in emails? Do they report potential security issues as soon as they occur? Do they avoid oversharing on public sites and social media? If not, your firm needs to invest in security awareness training for your entire team. But where do you start?

Where to Start

The first step is determining where you are today. To do so, you probably need to bring in an outside party to perform a security assessment that includes penetration testing, social engineering and a complete review of your security infrastructure, as well as your team’s knowledge.

Many of the firms we work with have had an assessment done in the last few years and the results have identified vulnerabilities that were previously blind spots. While some were the result of inadequate technology, the majority were caused by the human factor.

Training the Front Lines

The only way to mitigate the risks of uninformed and careless individuals is to provide them with ongoing security awareness training. Although programs may vary, here are some of the key characteristics you should keep in mind:

  • Include everyone. Security awareness training applies to everyone in the firm. Leadership should not be excluded. In fact, top-level executives are some of the most vulnerable individuals. Criminals have become more sophisticated and regularly target those who have access to the most sensitive and valuable information.
  • Link it to their personal lives. Most, if not all, of the best practices apply to your employees’ behavior in both their professional and personal lives. The more you can show how it impacts them individually through personal examples, the better it will stick.
  • Protect people from themselves. The more IT can do at the desktop level to not allow people to place themselves or the firm at risk, the better. Make it so people can’t do the things that get us in trouble.
  • Make it an ongoing process. Security awareness training is not a one-time event; it’s an ongoing process. Make sure you are continually testing, training and reinforcing best practices.
  • Hold people accountable. Holding people accountable is the best way to reinforce desired behaviors, and get individuals back on track if they forget or stray off course.

Risk-Based Approach

Gartner lists Adaptive Security Architecture in its Top 10 Strategic Technology Trends for 2016 and states, “Relying on perimeter defense and rule-based security is inadequate. IT leaders must focus on detecting and responding to threats, as well as more traditional blocking and other measures to prevent attacks.” This indicates we need to think differently about security than we have in the past. Traditionally, organizations have spent the majority of their security budget on eliminating risk. In today’s environment, you must balance your resources between proactive prevention and reactive response. In other words, we must view security from a risk management perspective rather than risk elimination.

Conclusion

If you are currently relying on technology alone to prevent cyberattacks, you are likely exposing your firm and clients to unnecessary risk. Make sure you address the weakest link in most organizations — the people. Educating them on the best practices and proper behaviors is the best way to protect yourself against the bad guys. At the same time, invest appropriate resources to prepare your firm to respond to a security event. Start the journey today to make your firm more security savvy.
