ThreatAdvice offers a complete cybersecurity training solution for accountants that includes the basics of cybersecurity and customized modules that relate specifically to accounting. Additionally, ThreatAdvice's cybersecurity courses are endorsed by the Alabama Society of Certified Public Accountants and are certified to receive continuing education credits in certain states.
Long gone are the days when the only risk CPAs had to worry about was identity theft. These days, accounting firms should be concerned about corporate account takeover, theft of data, ransomware and more.
Accounting firms, using various technologies, accumulate massive amounts of sensitive data during their work. Specific data found at CPA firms such as corporate financial information, independent audit files, and personal tax returns contain some of the most sensitive information around, and therefore becomes a huge target for cyber crooks.
As accounting firms become more and more “paperless” in order to increase the efficiency of their tax and audit services, they find themselves guarding huge silos of electronic information that can be stolen and misused by others. Rule 301 of the AICPA’s Code of Professional Conduct requires that CPA’s “shall not disclose any confidential client information without the specific consent of the client” This does not only mean disclosure that the CPA knows about; it also means disclosure of any information to unauthorized parties due to malware or any other tricks employed by cybercriminals.
One of the first steps a cybercriminal takes to execute an attack is to illicitly obtain login credentials. This is accomplished by using a malicious program distributed as an email attachment, unintended web browsing download or file transfer of a seemingly legitimate/safe file. By opening these attachments, the user inadvertently downloads and installs a malicious program, such as a Trojan, and usually is unaware that anything threatening is occurring. All of a sudden, boom, your accounting firm is under attack. All from opening one seemingly harmless email. And, did you know cybercriminals typically tend to attack small-to-mid-sized businesses (SMB’s) because these organizations tend to pay less attention to cybercrime and have fewer resources dedicated to preventing an attack?
Whether you are in tax, audit, advisory, or other service areas, you will be in violation of CPA ethics requirement if your client’s information is stolen (in addition to the state and federal legal confidentiality requirements that the CPA might also be in violation of.) As cyberattacks increase, a CPA must ask him or herself…how do I keep my information safe from the bad guys?
ThreatAdvice can help you answer the question of how to keep your data safe from cybercriminals. One of the main ways to build your defenses is through our offering of cybersecurity education and cyber awareness for you and your employees. Everyone from the founding partner to your summer tax interns should complete cybersecurity education and awareness training to mount an educated and defensive response to cybercriminals. Plus, ThreatAdvice makes cybersecurity education fun with our built-in trivia application, NxtQ, where employees can earn coins to cash in for prizes and gift cards available in the ThreatAdvice marketplace.