Cyber breaches have become a more common threat for businesses. The COVID-19 pandemic accelerated the digitalization of many companies and a shift to remote working. As a result, first-quarter cybercrime increased 273% in 2020 compared to 2019. The new and innovative ways hackers found to steal company data cost U.S. businesses an average of $8.64 million per breach. Even more startling: small businesses were victims of nearly a third of all cyberattacks.
What new trends, patterns and hacks can we expect this year? How can CPA firms protect their practice and their clients from cyberattacks?
Jim Bourke, CPA, CITP, CFF, CGMA, a cybersecurity expert and Managing Director of Advisory Services at Withum, shares three cybercrime predictions for the year.
Trend 1: Remote work is making companies more vulnerable to cyberattacks.
Within the past year, more people across the globe have been working remotely than ever before. “That creates a massive amount of opportunities for cyberthieves,” Bourke says. “We’re going to see a continued proliferation of cybersecurity breaches.”
The pandemic affects how we all work, and your IT department is no different. Most IT teams are well versed in protecting office networks against data breaches. However, they likely didn’t anticipate that most of their staffs would work remotely for the foreseeable future.
Bourke says that the shift created a new level of complexity.
“All it takes is one staff person to give away the keys to the kingdom and let a potential cyberthief in,” he says. However, firms can reexamine the controls and security protocols they have in place to mitigate the risk.
Trend 2: Organizations will educate employees about how to minimize security risks while working remotely.
Bourke suggests that more companies will instruct their staffs about how to prevent these risks while working remotely. IT departments should cover topics such as how to secure home networks. For example, he says, “Most people never change the password for their home wireless router, which is a major point of vulnerability. Anyone who passes through your house could gain access to anything that your laptop is connected to while you’re on that network.”
Hackers may also target the technologies commonly used for remote work, such as Microsoft Office, Skype or Zoom.
“This technology is not new, but we’re using a lot more of it than we’ve ever used before,” Bourke says. “We’ll begin to see more phishing attacks around trying to steal credentials for these programs.”
Firms should be proactive in ensuring that employees know how to identify these types of attacks.
Trend 3: CPAs will continue to be essential partners in identifying and addressing cybersecurity risks.
CPAs regularly work with financial information and understand the vulnerabilities associated with storing and handling confidential data. Bourke says that the required education for CPAs — whether for their accounting degrees or as part of continuing education throughout their careers — uniquely prepares them for a cybersecurity role. “The best team to help clients with respect to cybersecurity awareness and remediation is a team made up of CPAs and IT professionals,” he says.
CPAs can serve multiple roles in preventing cybercrime — such as identifying potential threats, developing safety protocols and evaluating risk management plans — within their firms or for clients. However, if your firm doesn’t have cybersecurity expertise, you can connect clients with experts who can help them put together effective cybersecurity risk management programs. If your firm wants to expand its cybersecurity knowledge, consider training your staff or partnering with a firm that has this expertise.
Increase your firm’s knowledge.
Cyberattacks aren’t going away and are becoming more prevalent. CPAs play an important role in protecting clients from risks. It’s better to proactively address threats. Now is the time to learn the best cybersecurity practices.
We’ve developed some resources, including articles, podcasts, reports and webcasts, in our Cybersecurity Resource Center to expand your firm’s knowledge. We also offer cybersecurity certificates to help you learn more about how to prepare for these threats.
If you want to take it a step further, consider the AICPA’s Certified Information Technology Professional (CITP®) credential for your staff. The CITP credential illustrates proficiency in assessing, detecting and managing cyber risk. Having a CITP on staff will help boost client confidence and enhance your firm’s credibility as a cybersecurity service provider.
Ultimately, cybercrime is not only a risk to your (and your clients’) data but to your firm’s reputation. But, with proper training, you can be prepared to mitigate these potential risks.
Kristen Hughes, Associate Director — Advisory Services & Credentialing, Association of International Certified Professional Accountants