Apps and Software

Public Accountants Keep Eye Peeled To This Cybersecurity News

Written by

Last Updated: Dec 5, 2019

In May 2017, the American Institute of Certified Public Accountants (AICPA) released a cybersecurity framework that CPAs could use to evaluate their own and their clients’ risks with respect to data breaches and related cybersecurity matters in the conduct of their respective businesses.

In themselves, the framework and its recommendations are not remarkable, but the AICPA’s acknowledgment of a public accountant’s role in assessing cybersecurity risks demands greater attention.

Public accountants are advisors and auditors of their clients’ finances and business operations.

To fulfill this role, they are given access to large volumes of the clients’ confidential financial information.

Large accounting firms might store and maintain this information on their own data management systems.

If those systems are not properly secured and defended, the accountants expose themselves and their clients to the type of losses and third-party liabilities that can flow from a data breach.

secured and defended

Notwithstanding the value of this data, many public accounting firms are not yet equipped to safeguard it against expanding cybersecurity threats. Many of those firms are prone to the same weaknesses as their clients, including:

  • Ignorance of the level of the threat;
  • Poor password practices that lead many CPAs and their employees to use easy-to-guess passwords, or to use the same password for multiple different logins without regular password changes;
  • Internal threats from inattentive employees and vendors who inadvertently click on email links that contain malware;
  • Reliance on cloud-based data storage services that are not adequately secured;
  • Internal computer networks that have weak cyber defense systems, or systems with software that has not been updated with patches over known security flaws.

These problems and weaknesses extend to the very top of the public accounting world hierarchy.

In September 2017, an item appeared in the news cycle that Deloitte’s information systems network had been compromised since at least March of that year.

The hackers who broke into Deloitte’s network purportedly were able to access information about many of Deloitte’s corporate and government clients.

Belying the sophistication that is sometimes credited to the hacking community, the Deloitte hackers accomplished this feat using a single administrator password that gave them the ability to open every one of the accounting firm’s internal email accounts.

Data Breach

Deloitte announced that this data breach impacted only a limited number of its clients and that it had no material impact on its day-to-day operations.

This event was nonetheless embarrassing to the renowned public accounting firm that had previously been recognized as one of the world’s top cybersecurity consultants.

Even where client data suffers a little impact, this event demonstrates how a public accounting firm’s reputation can take a serious hit when it is the target of a successful cyberattack.

As public accounting firms beef up their cybersecurity defenses and turn their attention to remedying the cybersecurity weaknesses that run through many different industries, they will also need to acknowledge the reality that it is not possible to prevent every data breach.

Hackers offer their services over the dark web, and that marketplace creates great incentives for hackers to develop new tools and techniques that overcome new defenses against hacking attacks.

Cyber Insurance

With this in mind, cyber insurance for CPAs and public accounting firms is now as important as professional liability insurance.

Cyber insurance can provide coverage and reimbursement for accountants and their firms from the direct losses and third-party liabilities that are associated with a successful data breach.

Read More: Capturing Professional & Incredible Looking Photos – Tips To Follow

That insurance can also help a public accounting firm to defend and protect its reputation by demonstrating to the firm’s client base that the firm and its members understand the gravity of the cybersecurity problem and are willing to take concrete steps to address it.

Image Credits
Featured Image: Shutterstock
In-Post Images:, &

Related Posts


Hints on how to write a helpful review

A great review should have the following qualities:

  • A helpful review should connect and engage with the readers using personal experience.
  • An excellent review provides the readers with cogent and unbiased information necessary to help them make the best choice.
  • A review must be well-formatted to make reading easier by using multiple paragraphs and avoiding caps.
  • The primary goal of your review must remain to provide accurate and non-salesy information.
  • Above all, let your review be fair and honest.

We have high level of professional editorial section with zero tolerance policy on fake reviews.

To maintain the genuineness of our brand, we ensure all customer reviews submitted to us are verified and confirmed before publishing. Though we might not be a 100% accurate, however, we try our best to ensure being next to best. For a thorough verification of submitted reviews, we spend close to 7 working days before allowing any customer review to be published since we also work on the earliest submissions first.

The Quality Page Score Explained

    Your Rating*

    Were you able to find the information you were looking for on our website? YesNo

    Did you find that information valuable?

    How likely are you to share our page with a friend? Scale 1 to 5