CPAs Are Primed for the Fight Against Cybercrime

When a hacker looks at a certified public accountant, or CPA, he or she may only see a target - a potential victim who houses a trove of personal and financial information on their clients. But CPAs don't have to take this sitting down. Believe it or not, CPAs have all the skills and expertise necessary to become leaders in cybersecurity.

Below, CyberPolicy examines a few ways CPAs can protect their digital assets with CPA cyber insurance and how they can contribute to cyber awareness and the fight against cybercrime.

An Unlikely Hero
Earlier this year, the Center for Audit Quality (CAQ) published a white paper highlighting the critical role CPAs and their organizations play in the fight against cyber threats. Among the vital attributes CPAs have, CAQ includes:

  1. A sense of core values related to independence, objectivity and skepticism. CPAs are trusted advisors to business leaders and boards across industries because they provide clear, nonpartisan and expert advice relating to accounting. But things don't have to stop there. CPAs are encouraged to develop and share their cybersecurity expertise with clients.
  2. Experience in independent evaluations. Audit firms regularly provide independent opinions and advice regarding financial statements and internal control over financial reporting (ICFR). But many large accounting firms have taken the next step to develop built-in IT practices that provide attestation and advisory services on security-related matters.
  3. A wealth of multidisciplinary strengths. Gaining a CPA designation is notoriously difficult. In fact, the pass rate for the CPA exam is less than 50 percent! So, you know CPAs are the cream of the crop. But many public accounting firms are adopting new credentials specifically related to IT and security, including the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Information Technology Professional (CITP).

Of course, CAQ isn't the only organization promoting CPAs in the fight against cybercrime. The American Institute of CPAs (AICPA) similarly encourages certified public accountants to discuss cybersecurity measures with various stakeholders.

Up for the Challenge
By reviewing their own defense protocols, sharing risk management expertise and providing advice to clients and partners, CPAs can develop a culture of cybersecurity everywhere they do business.

Here are a few of the key actions necessary for a robust cybersecurity plan:

Perform an initial risk assessment and share the findings with business leaders and stakeholders.

Ensure that all accounts are protected by complex and unique passphrases.

Employ multi-factor authentication (MFA) for various devices and accounts.

Encrypt sensitive data in storage and in transit, and be extremely careful how this data is managed.

Review and limit access privileges on a need-to-know basis.

Develop an incident-response plan in case of data breach or cyberattack.

Establish an audit trail.

While these simple steps can drastically improve cyber resiliency, the risk of digital incursion is ever-present. Do yourself, your company and your clients a favor by investing in CPA cyber insurance from a reputable provider.

Not sure where to start? Visit CyberPolicy for a free quote fit to your needs.
