As we rely more and more on technology and companies have their employees work from home, the risk of having a cybersecurity breach should also be considered.
In particular, professional services that deal with and handle a great deal of personal information from clients are especially susceptible to cyberattacks.
One professional industry that has been targeted are those who work in Accounting. Take a look at what happened to the Canadian Chartered Professional Accountants Association when they suffered a cyberattack in 2020:
In early June 2020, the Chartered Professional Accountants (CPA) of Canada experienced a cyberattack on its website. This attack compromised the personal information of more than 329,000 members and stakeholders in the Association.
This stolen data included names, addresses, emails, and employer information. It is believed that the compromised data was later utilized as part of email phishing scams.
The CPA has also acknowledged the fact that they discovered “unauthorized third parties” having obtained an amount of personal data through the Association’s website prior to this incident. This occurred between November 30, 2019 and May 1, 2020.
However, the CPA managed to immediately secure their systems after the cyber breach as well as conduct a comprehensive assessment to determine what information may have been compromised.
Cyberattackers specifically target professional organizations such as accountants and accounting firms because of the amount of personal information they handle on a regular basis in their databases.
After acquiring the personal information, cyberattackers can then utilize the data for illegal means such as identity theft, fraud, email scams/phishing, and further cyber scams to other organizations.
With the cyberattack on the CPA, the compromised information of their members and stakeholders could mean that the cyberattackers can pose as such accounting professionals in order to scam other people into giving up their own personal information as well.
The cyberattackers are able to achieve this because of the nature of the work of the accounting professional whose information they have stolen and are now falsely identifying as when interacting with their next victims.
The cyberattackers know that by posing as a professional accountant, they can more easily scam and steal information from people by leveraging the professionalism and trust that accountants are often associated with. Due to the nature of their work revolving around confidential information of their clients, many people may not give much second thought to giving up their personal information should they receive a request from someone who appears to be a professional accountant.
What’s more, should a cyberattacker successfully attack a client’s own cybersecurity system through the impersonation of a professional accountant, they now have even more access to a wider network of even more confidential information they can confiscate and take advantage of.
In turn, should a client have their own cybersecurity systems breached through the association of a professional accountant, the trust and professionalism associated with said accountant would no longer be upheld, even if the accountant does not realize that their information has been illegally used by cyberattackers for malicious reasons.
Being part of an industry that is associated with the traits of professionalism, trustworthiness, and reliability, accountants and accounting firms should take the utmost care to ensure they protect their clients’ confidential information.
As such, the best way to protect yourself and your firm as a professional accountant is to ensure your cybersecurity systems are well secured through regular cyber assessments.
With the increased usage of technology in people’s lives to stay connected while mostly working from home, cybersecurity threats have also become a growing issue and require proper assessments to manage any security gaps and risks that can harm your business.
Therefore, it’s important to conduct proper cyber assessments to mitigate the possibility of having your company’s cybersecurity system breached.
Get a FREE Cyber Risk Assessment to see if you're properly protecting your business from cyber risks: