Cyber criminals target accounting firms for taxpayer data

Posted on 03.07.18

By Christopher Moschella, CPA, CISA | Risk Advisory Services Manager | Cybersecurity Team Leader

NBC Nightly News recently ran a segment about accounting firms being a focus for cyber criminals, coming on the heels of a recent IRS news release. The story highlights the fact that accounting firms safeguard a lot of sensitive information that is valuable to attackers. The story then goes on to focus on the risk of poorly configured wireless networks and email-based social engineering, both legitimate risks that should be addressed by every accounting firm.

The story hit close to home for Keiter, because NBC called to public attention what we live every day. The truth is that NBC is correct; accounting firms as well as other businesses are prime targets for attack. Financial services firms have personal information from millions of individuals, and such data is extremely valuable for cyber criminals. If an accounting firm were breached, a taxpayer’s stolen data would likely be sold on the dark web to identity thieves, who could then use the information to submit fraudulent tax returns, obtain loans, or engage in other forms of identity theft.

Although the NBC story is accurate, accounting firms are hardly alone in this regard.  Law firms and other professional services firms also have extraordinary amounts of highly sensitive client data and make attractive targets.  Retail stores take credit card data; engineering firms have highly sensitive patents and trade secrets; cloud providers store enormous amounts of data; and other businesses of all stripes have their own unique cyber challenges. No business is exempt from cybersecurity risk.

At Keiter, we are fortunate to have extensive in-house cybersecurity expertise, with a team that is serious about cybersecurity and battles every day to keep our client data secure. Keiter has embraced a three-pronged approach to security, which encompasses strong governance practices, technical defenses and training, as well as legal considerations and cyber insurance (because there is no such thing as perfect security). Additionally, several of the security services we’ve developed for our own use are also available to our clients, including:

  • Annual security awareness training
  • Simulated phishing campaigns to train our team to identify malicious email
  • Penetration testing and vulnerability scanning
  • Annual internal cybersecurity risk assessments

Cyber risk is a lamentable reality, but it is reality. We are working hard every day to protect the data entrusted to us by our clients, and to provide cybersecurity services to help our clients stay secure.

Interested in leveraging the three-pronged approach to data security for your business? Contact our Cybersecurity Team. We are here to help.

Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.