Accountants are prime targets of cyber crime. You are an enticing target because you possess large quantities of sensitive personal, financial, and tax information highly valuable for identity and financial theft, and you have the information and credentials necessary for criminals to generate fraudulent tax refunds in the names of your clients. Moreover, you are a vulnerable target because, unlike large institutions, you have less time and money to invest to ensure that all your security controls are strong enough to repel sophisticated cyber attacks.
Additionally, accountants face increasing regulatory pressure to adopt best-in-class protections for client information. Such pressure emanates not only from our home state (in the form of M.G.L. Chapter 93H and 201 C.M.R. Chapter 17), and from the Internal Revenue Service (in the form of I.R.S. Publication 4557), but also other states (like New York and California) and foreign jurisdictions (like the European Union and United Kingdom), which impose their laws on Massachusetts accountants who possess information about clients who are residents of those states and countries. Fines and penalties for failing to comply with these regulations are substantial, and typically follow a breach that was already painful enough.
It is imperative that accountants stay ahead of the cyber security curve. Ransomware, phishing, and malware exploit the tiniest of gaps, resulting in the exposure of sensitive client information or crippling your business during the busiest of tax seasons. To reduce these risks, accountants must computer science and engineering cyber security by: (a) conducting annual risk assessments with outside cyber security professionals, (b) identifying and mitigating all existing and potential vulnerabilities and threats, (c) implementing appropriate written policies and procedures, and (d) providing topical training to employees several times per year.
No comments:
Post a Comment