Security must be both a priority and a habit.
By Ranica Arrowsmith
Accounting Firm Operations and Technology Survey
As the profession faces a future filled with the promises of artificial intelligence, machine learning and ever-increasing automation, it’s easy to forget a key point: Without security, technology can come back to bite you.
MORE FROM AFOTS: Lions and Tigers and Blockchain and Bots, Oh My!
Exclusively for PRO Members. Log in here or upgrade to PRO today.
In January this year, the IRS alerted corporations to an emerging problem of W-2 email phishing scams, a problem that had been seen in previous years, but not at this scale. Early on, more than 120,000 people and 110 organizations had been confirmed victims, with many more expected.
W-2 phishing is just one example of the many vulnerabilities accountants and their clients have to be on the lookout for; they also need to be aware of fake QuickBooks invoices and TurboTax attacks, as well as the usual email hacking attempts aimed at gaining access to financial information. Firms that deal with hundreds of clients’ sensitive information – particularly firms that perform tax services – are especially at risk.
But some accountants are paying attention. It’s encouraging that according to this year’s AFOT data, a growing number of firms are acknowledging that security is the biggest challenge they will face in the upcoming year. This year, 29 percent of firms say that’s their biggest challenge, up a full 10 percentage points from last year. The small drop in malware attacks experienced by participating firms since the last survey may be a reflection of that increased focus.
Becoming a more tech-focused firm necessarily means becoming a more security-conscious firm. It’s ironic that as accounting professionals free themselves from the burden of paper with electronic solutions like client portals and document management software, they take on the new burden of cybersecurity. But as it was with cloud adoption, the most important step is deciding to take it seriously. The rest – a matter of installing the right security software, hiring the right experts and staying vigilant to signs of online attacks – is easy.
Simple steps like installing antivirus software are no-brainers, and this year’s report shows that firms are protecting themselves this way with positive results. Firms are also decreasing their use of extremely insecure backup methods like removable USB drives, and moving more toward web-based backup systems. However, other, more subtle signs indicate that there may be gaps in knowledge, and that some level of complacency may be setting in that is putting firms at risk. For instance, this year shows an increase in large firms responding that they are “unsure” how often they replace their servers, possibly indicating that managing partners are becoming less aware of how best to maintain the security of their servers.
A final note: The promise of blockchain, the hypersecure distributed ledger technology platform, is that accountants will eventually have a much easier time exchanging information electronically without fear of malicious attacks. The Big Four are leading the charge into this new way of navigating the cyber world, with Deloitte establishing a blockchain research lab in New York this year; and presently, PwC offers DeNovo, a platform that provides proprietary blockchain and cryptotechnology content. But until blockchain lives up to its promise, the profession must make security a habit, a priority and part of its DNA.
Ranica Arrowsmith is technology editor for Accounting Today. She previously covered medical technology for Medical Design Technology, Medical Product Outsourcing and Orthopedic Design & Technology magazines. She holds a bachelor’s degree in English literature and psychology from Fairleigh Dickinson University and a master’s degree (EBD) in international literature from Montclair State University.
