The October issue of the Journal of Accountancy includes an article written by Sarah Beckett Ference, CPA on accounting firm data breaches. Examples were drawn from the AICPA Professional Liability Insurance Program and include:
- “A CPA clicked on a phishing email, granting access to his system, including tax return preparation software. In early April, the CPA discovered that multiple in-process returns were submitted to the taxing authority without authorization but not before bank account information was changed to redirect refunds to the bad actors.
- In the middle of busy season, a CPA received multiple calls from individuals who received an email from the CPA with a link to click and download a secure document. An investigation revealed that the bad actor had gained access to the CPA’s email system and sent a phishing email to more than 2,000 contacts, some of whom took the bait.
- A CPA firm was subject to a ransomware event that encrypted a workstation, two servers, and local backups. In addition, the firm’s backup service was not currently synced. The firm was down for multiple weeks and had to redo hours of additional work.”
In addition to obtaining satisfaction that the CPA has the training and experience to service your tax needs, you need to obtain the same level of satisfaction that the CPA has appropriate defenses in place to protect your data from a cyber attack on the accounting firm. For more assistance, contact Kevin Ortiz in our office. To read the entire Journal of Accountancy article see Are you prepared for the cost of a data security incident?