Data Breach and Cyber Security in Small Accounting Firms
School: Southern New Hampshire University
Course: 123
Subject: English
Date: Dec 6, 2023
Felisha Phelps
ENG-123-R6054 English Composition II 23EW6
Elizabeth Bennett
July 27, 2023
In recent years, financial services organizations have become a prime target for hackers
due to their possession of sensitive personal and financial data. CPA firms are at risk of being
targeted by tech-savvy thieves seeking to exploit the potential treasure trove of client
information. If your CPA firm has been breached before, you know how damaging it can be to
your client relationships and your bottom line. With the frequency of these attacks increasing, the
costs associated with them are also on the rise, with the average cost of a data breach in the U.S.
reaching $8.19M last year - the highest globally (Endeavor Business Media, 2020). Without
adequate security measures, your firm could suffer significant financial losses if your clients'
data is compromised. Moreover, cyberhackers can cause additional damage. Therefore, it is
crucial to prioritize cybersecurity to protect your clients' data. To achieve an un-hackable ideal,
you can take several steps (Endeavor Business Media, 2020). As someone studying accounting, I
understand that these steps are crucial: ensuring that every employee understands the risks
involved, receives IT training, and knows which accounting software to use for optimal security.
Our first focus will be on comprehending the risks. Accounting firms need to understand
the various dangers such as phishing scams, ransomware, and hacking that exist out there.
Cybercriminals often use phishing schemes to deliver ransomware, with emails being the most
common method. These emails may contain malware disguised as harmless file attachments.
More advanced phishing tactics like "spear phishing" and "whaling" are also used to target
specific individuals or high-ranking officials. For instance, an accountant may receive an email
with a subject line related to a conference their company is attending, making them more likely
to open the email. According to Rathour, cybercriminals use social engineering techniques to
increase the chances of someone falling for their scams (Politzer, 2020).
Ransomware is malicious software that aims to seize control of computers, networks, files, and
confidential data by encrypting them and preventing owners from accessing them. The attacker
then demands payment, often through anonymous cryptocurrency such as bitcoin, to restore the files.
According to a 2019 report on cybersecurity by Ponemon and Accenture, there was a 15%
increase in the number of organizations encountering ransomware attacks in one year, and the
frequency of attacks had increased by over three times in the previous two years. Rathour
stresses the importance of investing in proactive prevention measures. He explained that
malware can spread through a network, infecting every reachable computer, and encrypting all
accessible files, including sensitive data like health records and Excel documents. This can
effectively shut down an entire business, leaving them vulnerable to ransom demands. Deciding
whether or not to pay the ransom should be evaluated on a case-by-case basis (Politzer, 2020).
The last threat is cybersecurity hacking, which is the act of misusing devices such as computers,
smartphones, tablets, and networks to cause damage, corrupt systems, gather information, steal
data and documents, or disrupt data-related activity. The traditional view of hackers is that of a
lone rogue programmer skilled in coding and modifying computer software and hardware
systems. However, this narrow view does not capture the true technical nature of hacking.
Hackers are becoming increasingly sophisticated, using stealthy attack methods designed to go
unnoticed by cybersecurity software and IT teams. They are also highly skilled in creating attack
vectors that deceive users into opening malicious attachments or links, resulting in the release of
their sensitive personal data. As a result, modern-day hacking is far more complex than just a
child in their bedroom, and it has become a multibillion-dollar industry with highly sophisticated
and successful techniques (Fortinet, 2023).
To assist accounting companies with their security concerns, I suggest ensuring that all
employees receive training from the IT department. This is crucial as it reduces the risk of
unauthorized access to the company's network, which could lead to serious problems.
To
effectively address cybersecurity threats, IT already understands the specific risks facing their
organization and implements a basic plan to mitigate them. Aleksandr Valentij, the chief
information security officer at Surfshark, advises businesses to start with small steps, such as
providing basic cybersecurity training to raise awareness among employees. Constant reminders
about essential cybersecurity practices, like using strong passwords and multi-factor
authentication, can also help. To make the training more interactive and accessible, companies
can purchase pre-made courses or create their own in-house materials. These materials may
include tests or examinations to encourage participation and can be integrated into HR
management platforms for easy tracking of progress. By taking these steps, businesses can
improve their cybersecurity posture and better protect themselves from potential threats
(Nath, 2022).
If your employees suspect something suspicious, ensure they know how to contact IT
through an alternative platform. It is crucial to have clear protocols regarding document sharing,
access to information, and when and how information can be shared externally. With the shift to
remote work, companies must tighten security around endpoints and corporate devices.
Companies should invest in VPNs, single-sign-on services such as Okta, and consider
proactively testing all their assets through a Pentest as a Service (PtaaS) offering. Companies can
provide a "networking basics" course during onboarding to assist employees in setting up and
segmenting their home networks. By implementing these tips, your company will not only be
more secure but also enhance the workflow of your employees (Nath, 2022).
To safeguard an accounting firm against data breaches and cyber security threats, it is
crucial to choose the appropriate accounting software. This is because some software comes with
built-in protection, in addition to the knowledge acquired from IT.
When selecting accounting software for your business, it is important to choose one that comes
with built-in financial
cybersecurity measures. This saves you the trouble of having to manually install security
protocols. To ensure that your financial information is protected from cyber threats and breaches,
look for software that includes two-factor authentication (2FA), which is a great security measure
that adds an extra layer of protection to your account. With 2FA, users must provide two pieces
of information to log in, making it much harder for unauthorized individuals to access your
account. Another helpful feature is audit trail functionality, which allows you to monitor changes
throughout your financial reconciliation process and ensure that all information is accurate. This
feature is especially useful for keeping track of who is managing the financial information.
Another feature to look for is workflow rules, which help automate accounting
tasks, reducing the risk of errors caused by manual mistakes (Kurszewski, 2023). With this
feature, you can determine how data is processed, logged, and utilized. Offsite data storage is a
smart way to keep your data secure. By storing the data in a separate facility, the company can
gain full control over information and make it harder for hackers to access the company's
confidential data. User permissions and role hierarchy are also essential features for keeping data
secure. With user permissions, the manager can decide what tasks users have access to, allowing
only the necessary employees access to confidential information. User role hierarchy allows the
company to define a hierarchy in which specific users can view, edit, or comment on different
components of accounts within the system, based on their level of expertise. This ensures that
individuals only have access to data that is appropriate for their level of responsibility,
minimizing the risk of unauthorized access (Kurszewski, 2023).
It is surprising that 56% of small business owners believe they will not be targeted by
hackers and 59% think they can bounce back quickly if they are attacked. However, these
confident attitudes are unfounded considering that 42% of small businesses do not have a plan in
place to handle cyber threats. Additionally, 11% of small business owners are not even aware if
they have a plan or not. It is also concerning that only 26% of small businesses have cyber
insurance (Tyson, 2021). Many small companies believe they are too insignificant to be targeted
by cyber attackers. However, almost half of all hacking attempts are directed at small businesses.
This is because novice hackers tend to target easy marks, such as smaller companies, to gain
experience and practice their skills. Additionally, attackers may use small businesses to access their
suppliers, customers, and financial institutions. It is crucial for all businesses, regardless of size,
to be vigilant and take measures to protect themselves against potential cyber threats (Tyson,
2021). Many businesses are shifting towards using cloud-based services, such as software,
thinking that doing so improves their network security. In fact, subscribing to cloud
applications or services can expand a business' IT footprint, leaving it vulnerable to hackers who
can compromise thousands of small businesses by attacking a single cloud-based application
provider. It is important to note that almost two-thirds of security incidents involve third parties
(Tyson, 2021). Small accounting firms may believe that they can withstand cyber-attacks, but a
recent study from the University of Texas found that 94% of companies that experience such
losses do not survive. These small firms may not have the resources to invest in network security
services and may rely on consumer-oriented "security" products like Norton. However, these
products may not be effective in detecting modern malware, browser attacks, phishing frauds,
and viruses (Tyson, 2021). Small business owners put their livelihood and their teams at risk
every day. They accept potentially insurmountable liabilities and put their reputations on the line.
A crucial aspect of maintaining good cybersecurity is implementing the best practices and
educating all legal internet users on safe usage. This is essential for protecting against cyber
threats (Padallan, 2019, pp. 172-192). Small accounting firms can prevent themselves from
becoming a target of hackers by ensuring that all employees understand the risks involved and
receive adequate IT training. It is crucial that they also know which accounting software to use
for optimal security. Taking these measures will help keep the firms safe and secure.
Reference
Endeavor Business Media (2020). Why Preventing Data Breaches Should be a Top Priority for CPA Firms. CPA Practice Advisor, (Mar 2020), GALE|A619790363. https://go-gale-com.ezproxy.snhu.edu/ps/i.do?p=ITBC&u=nhc_main&id=GALE|A619790363&v=2.1&it=r&sid=bookmark-ITBC&asid=7c4a49f1
Fortinet (2023, January 1). What is Hacking? Retrieved August 8, 2023, from https://www.fortinet.com/resources/cyberglossary/what-is-hacking
Kurszewski, N. (2023, July 5). Accounting Cybersecurity in 2023: How to Keep your Financial Data Safe. Ebizcharge. Retrieved August 8, 2023, from https://ebizcharge.com/blog/accounting-cybersecurity-in-2023-how-to-enhance-your-cybersecurity-and-keep-your-financial-data-and-personal-information-safe/#:~:text=5%20tips%20to%20enhance%20your%20accounting%20cybersecurity%20and,5%205.%20Choose%20the%20right%20accounting%20software%20
Nath, O. (2022, February 9). Top Ways Organizations Can Train Employees to Defend Against Cyber Attacks. Spice Works. Retrieved August 8, 2023, from https://www.spiceworks.com/it-security/cyber-risk-management/articles/training-employees-against-cyberattacks/#:~:text=Create%20training%20campaigns%20to%20cover%20essential%20cybersecurity%20topics%2C,Establish%20a%20monthly%20phishing%20simulation%20and%20training%20cadence
Padallan, J. O. (2019). Cyber Security. Oakville, ON: Arcler Press. https://eds-p-ebscohost-com.ezproxy.snhu.edu/eds/detail/detail?vid=4&sid=5f934411-fd73-4bc0-8ffd-aa9aa1150dbb%40redis&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=2324327&db=nlebk
Politzer, M. (2020). Why Preventing Data Breaches Should be a Top Priority for CPA Firms. CPA Practice Advisor, (Mar 2020). https://www.journalofaccountancy.com/newsletters/2020/mar/top-cyberthreats-accounting-firms.html
Tyson, B. (2021, December 1). 5 Reason why Small Business Don't Care. Linkedin. Retrieved August 8, 2023, from www.linkedin.com. https://www.linkedin.com/pulse/5-reasons-why-small-businesses-dont-care-bruce-tyson-pmp