Cyber criminals target accounting firms for taxpayer data
Posted on 03.07.18
By Christopher Moschella, CPA, CISA | Risk Advisory Services Manager | Cybersecurity Team Leader
NBC Nightly News recently ran a segment about accounting firms being a focus for cyber criminals, coming on the heels of a recent IRS news release. The story highlights the fact that accounting firms safeguard a lot of sensitive information that is valuable to attackers. The story then goes on to focus on the risk of poorly configured wireless networks and email-based social engineering, both legitimate risks that should be addressed by every accounting firm.
The story hit close to home for Keiter, because NBC called to public attention what we live every day. The truth is that NBC is correct; accounting firms as well as other businesses are prime targets for attack. Financial services firms have personal information from millions of individuals, and such data is extremely valuable for cyber criminals. If an accounting firm were breached, a taxpayer’s stolen data would likely be sold on the dark web to identity thieves, who could then use the information to submit fraudulent tax returns, obtain loans, or engage in other forms of identity theft.
Although the NBC story is accurate, accounting firms are hardly alone in this regard. Law firms and other professional services firms also have extraordinary amounts of highly sensitive client data and make attractive targets. Retail stores take credit card data; engineering firms have highly sensitive patents and trade secrets; cloud providers store enormous amounts of data; and other businesses of all stripes have their own unique cyber challenges. No business is exempt from cybersecurity risk.
At Keiter, we are fortunate to have in-house cybersecurity experts who are serious about cybersecurity and battle every day to keep our client data secure. Keiter has embraced a three-pronged approach to security that encompasses strong governance practices, technical defenses and training, as well as legal considerations and cyber insurance (because there is no such thing as perfect security). Additionally, several of the security services we’ve developed for our own use are also available to our clients, including:
- Annual security awareness training
- Simulated phishing campaigns to train our team to identify malicious email
- Penetration testing and vulnerability scanning
- Annual internal cybersecurity risk assessments
Cyber risk is a lamentable reality, but it is reality. We are working hard every day to protect the data entrusted to us by our clients, and to provide cybersecurity services to help our clients stay secure.
Interested in leveraging the three-pronged approach to data security for your business? Contact our Cybersecurity Team. We are here to help.