Top cyber risks CPA firms need to have on their radar

By Cecilia Yontz, OSPCA marketing and communications intern  

Across all cyber attacks, firms are losing an average of around a trillion dollars annually, said one expert. 

“There's really no industry out there that is immune to some of the details that cybercriminals can get into,” said Robert Albertini, a risk advisor at Aon. “But because the CPA industry is financially driven, that's what cyber-attackers are primarily looking at.”   

The top cyber risks that are affecting CPA firms include: 

• Ransomware- occurs when client information is unknowingly given to a cyber-criminal, and they hold it hostage until a ransom is paid. 

• Social engineering- another cyber-attack that relies on human error, this time solely through phishing emails. 

As for cyber risks that firms might be particularly unprepared for, Albertini noted that in general, many small to midsized firms wrongfully believe they have a lower risk of being a target of a cyber-attack.  

"When we first started looking at cyber, we'd been hearing about all these large companies getting hacked,” said Albertini. “Well, when these large companies set a mainframe and offer protection in place, they go after the midsized companies and when they do it, they go after the smaller ones. It's a trickle-down effect.” 

When it comes to protecting against these cyber-attacks, Albertini’s recommendations include: 

• Ensuring employees review the firm’s disaster recovery plan 

• Providing encryption on all work-issued devices 

• Being more PCI-compliant 

• Storing sensitive information in a secure place  

• Holding training, on average, every six months 

• Staying vigilant in the environment that you are working in 

When it comes to protecting against the fallout of cyber attacks, Albertini recommends considering cyber liability coverage.  

“If they currently do not have some sort of cyber coverage, it's always good to get a quote,” he said. “It’s a transfer of risk rate so you don't have to dip in your own pocket and pay your claim. Your insurance company can help it, but it's supplemental for your cyber security strategy.” 

Cybercriminals are evolving, and it is vital for firms to stay up to date on their cybersecurity strategy in order to protect themselves and their clients.  

“With millions of hackers out there around the world, there's always some new tax strategy that some of these criminals are posting on companies and CPA firms,” said Albertini. “You want to be sure you have a strong network and a strong policy.”