CPAs have their guard up regarding cybersecurity. The American Institute of CPAs (AICPA) hosted the eight-week webinar “Cybersecurity Fraud: What CPAs Should Know” to give accounting professionals an “expansive overview of all aspects of cyber security.”
Those aspects include discovering security threats, understanding security frameworks and making risk assessments. The risks these days are greater when you consider the prevalence of cloud computing, mobile devices and social media. Keep in mind, too, that just this month Yahoo announced that upwards of 500 million email users' accounts had been infiltrated (including passwords and other security verification information). The company claimed the breach was a “state-sponsored” hack, although that claim has been met with some suspicion.
The problem of hackers, fraud and cybersecurity isn’t just in the laps of information technology professionals. CPAs also must learn to assess damage from cyber attacks, sharpen their ability to recognize the warning signs that pinpoint potential criminals within an organization, and develop an eye for prevention to discover weaknesses that could lead to future attacks.
The Wall Street Journal reported that the AICPA is taking its cybersecurity best practices one step further. The new measure addresses an increasingly popular form of fraud called “executive impersonation” that targets employees within organizations:
“The scam involves an email sent from an executive to a subordinate asking for a wire transfer or payment to a new bank. The attackers tend to target companies with foreign suppliers or units that regularly perform wire transfers to foreign banks, and strike when executives are traveling and cannot be reached.”
Employees are vulnerable to this kind of attack because they “get nervous by getting an email from the CFO and thinking ‘I have to do this.’”
The AICPA has released a fraud report that is “aimed at improving the way accountants and company managers disclose cybersecurity risk management programs.” There is a growing demand for CPAs to be informed and effective when it comes to fraud-protective programs. CPAs are on the battleground to enforce cybersecurity engagement. The AICPA has said it hopes its recommended best practices will provide a “consistent, market-driven approach for CPAs.”