Cybersecurity Considerations for Accounting Firms
October 28, 2022
October is Cybersecurity Awareness Month in Canada. Cybersecurity needs to be top of mind for all businesses, especially when you consider that according to this survey commissioned by CyberCatch earlier this year 75% of small- and mid-sized accounting firms say they would only be able to survive less than a week if they suffered a major cyberattack.
A couple of months ago, Stuart Smith, Chief Technology Officer with Keyworks, sat down with WealthCo’s Tim Coakwell as part of our Innovative Accountant podcast series to discuss cybersecurity and technology for accounting firms. Here are some of the takeaways from that discussion.
What are the risks that businesses are facing today?
Large-scale data breaches and cyberattacks are regular headline fodder, and Smith reaffirms that data protection is something that continues to be paramount for organizations.
“Particularly in the financial sector, the data we’re dealing with is so sensitive and personal, so privacy and confidentiality is extremely critical. Clients need the peace of mind of knowing that they are working with a trusted partner and that this trusted partner is doing their due diligence to keep their information safe. Reputationally, this couldn’t be more important.”
What key things do businesses need to consider from a regulatory standpoint?
Personal accountability factors into cyber due diligence in a big way.
“It’s important to raise personal awareness around accountability,” Smith shares. “We’re all accountable, directors of companies are liable and accountable for privacy now, so they need every assurance that the systems that are in place are current and sufficient.”
Just consider the Colonial Pipeline cyberattack that occurred in May 2021. A single compromised password (believed to have been obtained from the dark web) is the root cause of this cyberattack, which holds the unfortunate honour of being the largest publicly disclosed cyberattack against critical American infrastructure of all time. The outcome? Colonial paid 75 bitcoin ($4.4 million) and the pipeline was taken offline (for five days) to reduce additional risk of exposure.
The impact was significant and widespread:
- The airline industry was deeply affected by the resulting jet fuel shortage
- Panic buying and long line-ups from individuals fearing a gas shortage
- A spike in prices at the gas pumps
- The US Consumer Product Safety Commission had to issue numerous warnings due to consumers filling plastic bags with gas for storage purposes
Smith alludes to this incident in the podcast, and specifically to the regulatory and compliance lens that was applied to Colonial post-attack.
“Right after this attack, President Biden had all the tech leaders in large American firms to come to the White House and they talked about new measures that need to be adopted to protect infrastructure and finances and the economy. We’ll see a lot more of these compliance frameworks driven by government in addition to already being heavily driven by industry.”
How has finance impacted technology?
The financial industry has had a profound impact on technology. For one thing, it has driven the development of sophisticated computer systems that can handle large amounts of data. Financial institutions have also been early adopters of mobile technologies, such as banking apps and mobile payment systems.
Furthermore, as Smith points out, “the financial services industry is really the one that has driven governance, risk, and compliance (GRC). They’ve been pioneers in setting GRC standards.”
What opportunities exist technology-wise for accounting firms?
As Smith points out, there is no shortage of opportunities for accounting firms.
“The approach we take is to look at how we can be driving better business outcomes, not only in support of our clients, but also in support of our own businesses – making things more efficient, optimizing, automating. By embracing and leveraging new technologies, things like artificial intelligence.”
Technology brings about a very exciting opportunity to change the end customer experience.
“Something that was okay three years ago, taking three or four days to sign a document, is no longer okay,” Smith shares. “The pandemic shifted some behaviours. People’s perceptions have changed. We’re in this world now where everything is mobile and everything is real-time, there is a high level of transparency – from being able to track when your delivery pizza is in oven to monitoring how far away your Uber driver is. What can we do in our customers eyes to help transform our businesses? Particularly in the finance industry – what can we do to break the chain and implement areas of customer experience that are going to be really meaningful and that our clients will appreciate?”
To check out the podcast, “Cybersecurity, Data Privacy, and Technology for CPA Firms” in its entirety:
The Integrated Advisory community consists of a network of progressive CPA firms, along with best-in-class professional advisors, service, and product specialists, who work together to deliver an elevated and holistic client experience. One that optimizes both their personal and professional lives with an integrated financial strategy designed to help clients reach their goals.