by Rickard Jorgensen, FCII, ACIArb., ARM.
You could lose many, many hours of sleep if you read every one of the cyber articles that are being aimed at CPAs right now. However, if you haven’t thought about the risks to your firm from cyber attacks the insomnia is probably well deserved.
A recent article in Accounting Today described the four top concerns of CPA firms in regard to cyber exposure. The biggest concerns are related to Client information and Email security, which make sense given the number of spamming, phishing and spoofing emails that we receive, and most recently the fact – according to one article – that the price of cyber extortion software on the dark web has increased by 2,500% in the past year (who looks for this stuff?).
One thing that we did find interesting was a recent article in Investment News about a model rule being developed by State Securities regulators. Although not directly impacting CPAs (unless your firm has a Wealth Management practice) – Joe Borg, who has taken the lead role at the North American Securities Administrators Association for his third term – has declared that cybersecurity is a top priority. This comes on the heels of the major cyber-attack on the corporate filing system at the Securities and Exchange Commission.
The article also referenced NASAA’s cybersecurity check list. The list will likely form the basis of the NASAA’s model cybersecurity rule. We reviewed it and I think many of the areas addressed have an impact on other professionals, including CPAs. Consequently we have developed a modified checklist for accountants.
The modified Cyber security checklist is available here.
Jorgensen & Company are not attorneys and do not offer any form of legal advice. Consult with appropriately qualified local counsel to see if this checklist will work for you.
Rickard Jorgensen is President & Chief Underwriting Officer for the CPAGold™ program and may be contacted at (201) 345 2440 or firstname.lastname@example.org
- SOCIAL ENGINEERING/WIRE TRANSFER FRAUD – A NEW TWIST ON AN OLD SCAM.
- A new variation on Comfort letters – Third Party Verification Letter requests from Investment Professionals
- Cybercrime Uses Social Engineering Techniques to Steal Employee Credentials and Commit Payroll Diversion
- Using the engagement letter to reduce cyber liability exposure
- Early Notice to insurers and claims mitigation has many benefits