background image
20
www.ctcpas.org
20
www.ctcpas.org
C
PAs have always had a duty to
maintain data confidentiality.
In the digital age, this duty has
taken on a completely new set of risks
and threats. Sensitive information no
longer exists solely on sheets of paper
on desks or in filing cabinets; it is now
in multiple locations (many of those
digital in the cloud and on servers)
across the organization.
Modern technology has made ac-
cessing and transferring information
so simple that we may be inclined to
forget how easy it has become for the
wrong people to get their hands on it.
All too often files are moved around in
an unsafe manner through unencrypt-
ed email, flash drives, smartphones, or
laptops. These seemingly innocent and
convenient data storage and transfer
methods can result in major risks for
your organization.
Because large company cybersecurity
breaches often make news headlines,
it is easy to think they are the only ones
being targeted. Many global compa-
nies do house a tremendous amount
of sensitive data (and sometimes still
leave much to be desired in their pro-
tection practices), but they are certain-
ly not always the ideal target.
Hackers aren't usually looking for a
major challenge; they are interested in
low-effort, high-reward targets. CPAs
and other financial professionals often
fit this description because their data
is a treasure trove of confidential infor-
mation that is highly lucrative on the
black market. Couple that with the fact
that many small to medium-sized busi-
nesses have not instituted advanced
data-theft prevention methods, and
there is a perfect storm of easy prey
and high value.
In fact, 43 percent of cyber attacks
target small businesses, according to
Symantic's Internet Security Threat
Report.
While there are myriad professional
development programs and articles
focused on cybersecurity, developing
a course of action can be overwhelm-
ing. It's easy to let cybersecurity and
business continuity plans fall to the
back burner while you focus on seem-
ingly more pressing day-to-day busi-
ness needs.
One thing is certain: there will be more
and more cyber attacks in the com-
ing days, weeks, and years. Organi-
zations who face a breach will face
harsh consequences.
No business wants to have to inform its
customers or clients that their personal
Cybersecurity Risk Reviews:
A Practical Approach to Protecting Your Organization
By Jarrett Meiers, Director, Strategic IT Services, Blueprint Essential, a Division of Reynolds + Rowella