Accounting firms, using various technologies, accumulate massive amounts of sensitive data during their work. Corporate financial information, independent audit files, and personal tax returns held at CPA firms contain some of the most sensitive information around, and therefore become a huge target for cyber crooks.
As accounting firms become more and more “paperless” in order to increase the efficiency of their tax and audit services, they find themselves guarding huge silos of electronic information that can be stolen and misused by others. Rule 301 of the AICPA’s Code of Professional Conduct requires that CPAs “shall not disclose any confidential client information without the specific consent of the client”. This does not only mean disclosure that the CPA knows about; it also means disclosure of any information to unauthorized parties due to malware or any other tricks employed by cybercriminals.
Whether you are in tax, audit, advisory, or other service areas, you will be in violation of this ethics requirement if your client’s information is stolen, and that is in addition to the state and federal legal confidentiality requirements that the CPA might also be violating. So as cyberattacks increase, the CPA must ask him or herself: how do I keep my information safe from the bad guys?