Safeguarding Client Data: It’s Everyone’s Job
Accounting firm cybersecurity is a team sport; leadership and employees must work together to safeguard company and client data. What does this involve? Transforming your cybersecurity objective from delivering employee training to creating a cyber-aware company culture.
In such a firm, every person — from administrative assistants to partners — strives to accomplish comprehensive cybersecurity. This effort goes far beyond holding an educational event or sending out employee training manuals. It must foster daily awareness at all levels of the importance of safeguarding the firm’s clients and the actions required to make that happen.
Here are steps to take before and during Cybersecurity Awareness Month (held each October) to prevent internal and external security incidents:
- Get top leadership involved. It’s in your firm’s best interest for the C-suite to advance cybersecurity. The problem is they have so much on their plates it can be difficult for them to focus on security matters. It is essential to convince them that data security is a strategic issue worthy of their attention. Sharing statistics on the average cost of a data breach and the percentage of breached firms that fail will fan their interest.
- Move cybersecurity beyond IT. Your IT experts have the technical knowledge to diagnose a data breach and lead the repair effort. But creating a cybersecurity culture must transcend the IT department to include every department in the firm. It requires every team member to take cybersecurity to the next level. Thus, department leaders must play a role in motivating their employees to do their part.
- Understand your risks. Accounting firms are appealing cybercrime targets because they house large amounts of financial data — theirs and their customers’. And the risks accounting firms face aren’t the same as those faced by companies in other industries. Many accounting firms have tax practices, so they are especially vulnerable to identity-theft tax refund fraud. Knowing this, you can adopt stringent rules to store tax return data safely and encrypt all communications related to the preparation of client tax returns.
- Encourage diligence. Most cybersecurity incidents result from employee carelessness or mistakes. External cybercrime is a factor, but employees are more likely to cause data breaches by using their laptops at their local coffee shop or clicking on a malware link in a stranger’s email. How can you combat such losses? Encourage employees to slow down, think about what they’re doing and evaluate whether their actions pose a cybersecurity threat to the firm.
- Provide rewards. Basic cybersecurity training should be part of mandated HR training. However, consider offering advanced programs for which completion carries an incentive. Perhaps reward employees who deter a threat or an entire department that completes a year without a cyber incident. In short, show employees your firm is so committed to fostering cybersecurity that it is willing to put money (or other rewards) where its mouth is.
- Talk up cybersecurity during Cybersecurity Awareness Month. Don’t just deliver more training. Create a series of events that address various aspects of cybersecurity. These can include lunchtime talks by IT staff, company emails on data security topics, guest speakers, contests and more. Cybersecurity Awareness Month doesn’t have to be boring. Enliven it with humor, exciting information and compelling presentations.
Here’s the bottom line: Increasing your accounting firm’s cybersecurity is everyone’s job every day of the year, not just during Cybersecurity Awareness Month. However, use October to drive home your important cyber messages and engage employees in the challenging work of keeping firm and client personally identifiable information (PII) safe and secure.
Irene M. Walton
Irene M. Walton is vice president for the Greater Philadelphia area at Gallagher Affinity.