The statistics show that cybercrime is on the rise. Since the COVID-19 pandemic, the FBI has reported a quadrupling of cybercrime cases. Remote working has significantly weakened company data security as the corporate firewall no longer protects it.
Accountants, CPA firms, and professional service firms of all sizes have all been prime targets of cyber-attacks because of the significant amount of personal information they collect and store. Cybercriminals are aware that smaller firms generally have less robust security but hold equally valuable data.
State governments have responded with frequent and divergent changes to data security statutes, which has resulted in compliance challenges for accounting and professional service businesses. Each state has specific data breach notification laws. All 50 states have laws that change frequently.
The most common cyber crimes
There are several ways cybercriminals try to breach security systems, but they do have some favorites. If you're able to shore up weak links and don't present any low-hanging fruit to cybercriminals, it becomes much more difficult for them to take advantage. The FBI has identified the following as the most common crimes and risks online:
- Business email compromise: scams that exploit the reality that so many of us rely on email to conduct business, both personal and professional.
- Identity theft: occurs when someone steals personal information, like a Social Security number, and proceeds to use it to commit theft or fraud.
- Ransomware: a type of malicious software, or malware, that prevents companies from accessing computer files, systems, or networks and demands a ransom payment to unlock the files or system.
- Spoofing and phishing: schemes aimed at tricking users into providing sensitive information. These often occur through email.
Best practices for minimizing the risk of cybercrime
Unfortunately, you can’t eliminate the threat of a cybercriminal attack on your company, but you can do a lot to minimize the risks.
The more aware your employees are of threats and how to identify them, the better. Staff should be trained on identifying the most common tactics used by cybercriminals and on best practices for email and passwords.
Education is key, but equally important is the software used to keep cybercriminals at bay. The stronger the company's security system, the less likely a cybercrime is to take place. Multi-factor authentication, anti-virus software, device lockdowns, and strong and unique passwords are simple but very effective tools every company can use.
Data privacy laws are changing
All U.S. states have laws mandating data breach notification. Multiple states rolled out new data privacy laws in 2018 and 2019, closely mirroring Europe’s General Data Protection Regulation (GDPR). The GDPR has been notoriously challenging for companies to implement, and many could not meet its strict requirements by its effective date. In the U.S., the CCPA took effect at the beginning of the year and is already being cited in data breach lawsuits (Barnes v. Hanna Andersson, LLC, N.D. 20-cv-00812).
The CCPA (California Consumer Protection Act) does the following:
- Gives consumers the right to know how their data is being used.
- Requires businesses to inform consumers about collected information and the purpose for which it’s collected.
- Formalizes data protection and disposal techniques and tools.
- Requires consumer notification within 30 days of breach detection.
- Provides civil financial penalties of up to $7,500 per instance of non-compliance.
- Gives individuals a private right of action against a company when personal information is breached. They do not have to prove they incurred a financial loss from the data loss, only show that the company violated the law.
New York has the SHIELD Act, Nevada has Senate Bill 220, and other states are following with their own legislation.
Cybersecurity Insurance coverage
Even when companies do everything right, the risk of a security breach or falling out of compliance with new regulations exists. Once security has been breached or a compliance lawsuit has been filed, businesses will need a team of cyber and legal experts to navigate the situation.
McGowan Program Administrators have created CPAOnePro℠ to provide quality professional liability solutions for public accounting firms. Broad network security and privacy coverage is part of the special features and coverages. Our team has decades of experience working with CPA firms and providing coverage enhancements where we see gaps. Contact us to learn more.