10 Ways to Manage Your Cybercrime Security Like You Mean It!

By Henry Rinder, CPA, ABV, CFE, CGMA, DABFA, Smolin, Lupin & Co., LLC – January 29, 2024
10 Ways to Manage Your Cybercrime Security Like You Mean It!

In today’s digital age, where technology is seamlessly integrated into the business, the need for robust cybercrime counter­measures has never been more critical. For CPA firms, safeguarding sensitive financial information and maintaining client trust is paramount. With cybercrime on the steep rise, CPA firms must take a meaningful approach to managing their cybersecurity. Following are 10 key strategies that CPA firms can employ to fortify their defenses against cyber threats.

  1. Stay informed and educate. The first step in managing cybercrime security is staying informed about the latest threats and trends in the cybersecurity landscape. Cybercriminals continuously evolve tactics, so staying ahead of the curve is crucial. Regularly attend cybersecurity seminars to ensure your firm’s knowledge is current. 
  2. Secure your network. Ensuring the safety of your network infrastructure is of utmost importance. Utilize strong firewalls, intrusion detection systems and encryption methods to protect data as it travels. When granting remote access, think about exclusively using equipment your firm owns and controls. Restrict access from overseas locations through the use of a geo filter. Implement a content filtering application to screen for threats like spam, malware and viruses.
  3. Continually train employees. Your employees play a critical role in main­taining cybersecurity. Use cybersecurity resources to train everyone in your firm periodically to recognize phishing attempts, social engineering tactics and other common cyber threats. Encourage a culture of awareness where employees feel comfortable promptly reporting suspicious activity. 
  4. Implement multi-factor authentication (MFA). One of the simplest yet most effective ways to enhance security is by implementing MFA. This extra step can significantly reduce the risk of unauthorized access, even if login credentials are compromised.
  5. Regularly update software. Outdated software is a common entry point for cybercriminals. Ensure that all software, including operating systems, antivirus programs and office applications, are regularly updated with the latest security patches. Ignoring updates can leave your systems vulnerable to known exploits that cybercriminals will likely target.
  6. Implement backup and recovery plans. No security system is foolproof, so making data backups and implementing recovery plans are essential. Regularly back up all critical data and ensure backups are stored in secure, off-site locations. Test the recovery process to make sure it will function properly in the aftermath of a cyber incident. 
  7. Conduct regular risk assessments. Regular risk assessments and penetration tests are vital for identifying vulnerabilities within your firm’s digital infrastructure. Engage quality cybersecurity professionals to conduct comprehensive assessments pin­pointing potential weak spots in your systems. This proactive approach will enable you to address vulnerabilities before cybercriminals can exploit them.
  8. Develop an incident response plan. The plan should outline the steps to take during a cyber breach. Assign roles and responsibilities to ensure a coordinated response that minimizes damage and facilitates a swift recovery.
  9. Engage external experts. Consider partnering with external cybersecurity firms or experts specializing in protecting CPA firms. These professionals can provide tailored solutions and insights to address your firm’s cyber challenges.
  10. Invest in cyber insurance. To mitigate the financial impact of a cyber incident, consider purchasing cyber insurance. Cyber insurance policies are tailored to cover various aspects of cybercrime, including data breaches, business interruption, legal liabilities and recovery costs. These policies can provide financial support to help your firm recover after a cyberattack. Work closely with an insurance expert to select a policy that aligns with your firm’s risk profile and needs. While cyber insurance doesn't replace robust cybersecurity measures, it adds an extra layer of protection and peace of mind in the face of unforeseen cyber threats.

Cybercrime is an ever-present threat that CPA firms must confront head-on. Firms can effectively manage their cybercrime security by staying informed, conducting regular risk assessments, implementing strong security measures, educating employees and preparing for potential breaches. Taking these proactive steps not only safeguards sensitive financial information but also preserves the trust and reputation of the firm among clients. Remember, managing cybercrime security is not an option — it’s a legal responsibility that must be embraced with diligence and determination. 

Henry  Rinder

Henry Rinder

Henry Rinder, CPA, ABV, CFE, CFF, CGMA, DABFA, is a member of the firm at Smolin, Lupin & Co., LLC. He is a past president of the NJCPA.

More content by Henry Rinder:

This article appeared in the winter 2023/24 issue of New Jersey CPA magazine. Read the full issue.