New tools for accountants can help protect companies from cyber threats

The digital threats facing organizations today have multiplied as they move their data hosting from localized servers to the cloud. Further, myriad devices, such as smartphones, tablets and laptops, are accessing that data, and many of those devices are not a company’s property but are owned by employees. That’s made protecting all that data, and securing all the possible entry points, a significant task.

Coming to the aid of organizations in the fight against cyber threats are accountants who, with a new reporting tool, are able to help companies identify areas of vulnerability in their cyber defenses.

Smart Business spoke with Ryan Bidlack, IT Senior Manager at Barnes Wendling CPAs, about how accountants are helping companies with cybersecurity.

What are the major threats to an organization’s digitally stored information?
While the types of attacks have multiplied and evolved, what has remained much the same is the threat posed by internal employees. It’s not necessarily a rogue or malicious employee intent on doing harm to the company that is the problem.

Instead, it’s people who are unaware of the potential harm of clicking on a malicious link, falling for a phishing scam, or unwittingly downloading malware. Because employees can access the network from anywhere at any time, if an unauthorized user gets access to their account, they can steal confidential data, client information, or anything that’s housed on the company’s network.

Outside devices pose a major threat. While the trend of Bring Your Own Device has certainly helped productivity, it’s become a means through which malware or viruses can find a way into a company’s network.

It’s tough to manage everything that comes into a company’s network these days. There isn’t one solution companies can use to protect themselves; rather, it takes a multifaceted approach.

How well are companies defending themselves from these digital threats?
How well a company protects itself varies significantly between organizations. Based on the general success of ransomware and other high-profile attacks, no company should feel as if their systems are safe.

It’s a good idea to have risk assessments and system testing done annually by an outside entity. The American Institute of Certified Public Accountants, in 2017, introduced System and Organization Controls (SOC) Reporting for Cybersecurity to assist organizations in the fight against cyber threats.

It’s designed to examine, assess and report on various internal controls, and create greater efficiency by identifying redundant or ineffective controls. Some accountants have in-depth IT knowledge and are capable of performing an SOC Cybersecurity engagement. They not only have broad knowledge of existing threats, but they also stay current on threat protection methods.

What is cybersecurity and who needs a cybersecurity program?
Cybersecurity encompasses any software, hardware, processes or procedures designed to protect a network’s systems and data from any unauthorized access.

Any organization with an internet connection and data on its servers and workstations needs a cybersecurity program.

Some companies don’t think they’re at risk because they don’t process credit cards, but all companies could have personally identifiable data on their employees, such as Social Security numbers and protected health information. They also could have sensitive customer information or data — all businesses use emails, which contain a wealth of information. Companies that are storing any of this must protect access to that data.

How can accountants help companies address cyber threats?
SOC Reporting for Cybersecurity is a tool CPAs can use to provide companies with an opinion on their risk management program, including the effectiveness of their controls. It’s a unique reporting mechanism for CPAs who are bound by AICPA guidelines, and adhere to standards subject to peer review.

All organizations need to continuously assess their cyber risk proactively rather than reactively. While an organization might feel safe because it hasn’t been hit by a cyberattack, chances are it will be, or already has been hit and doesn’t know it.

Insights Accounting is brought to you by Barnes Wendling CPAs