WHAT SHOULD YOUR CPA FIRM DO TO PROTECT ITSELF AND ITS CLIENTS FROM CYBER CRIME?

Cyber-crime is a catch-all phrase that encompasses hacking into computers, creating and spreading computer viruses, perpetrating online fraud schemes, and stealing trade secrets and other intellectual property. Cyber-crime lawsuits are on the increase, making insurance more important than ever.

As CPAs, you also work as forensic accountants, meaning it is your job to detect fraud or other crime in the financial world. Some certified public accountants even use their expertise to design helpful computer software to assist in detecting cyber risks.

By law, a CPA has the duty to protect client data. It's important that we understand our physical security risks, know what risk points exist for exposure of client data, and enforce a WISP (Written Information Security Plan) to keep key systems properly updated and staff up to date on security best practices.

So what is a Cyber Risk?

Cyber-risk began as an industry-specific concern, mainly for e-commerce and Internet-related companies, but has now become mainstream. New viruses, hackers, and denial of service (DoS) attacks attempt to steal company information and sell it to the highest bidder. Computer network security and risk management issues are no longer the exclusive domain of companies doing business over the Internet, and today risks are not limited to outside threats or Internet access.
A large percentage of cyber attacks come from within the corporation, through improper use of USB drives, incorrect downloading and email procedures, and disgruntled employees. Most incidents of cyber-crime go unreported because the individuals and businesses affected want to avoid the negative publicity.

Personal Information Privacy Policy (WISP)

Personal Information Privacy Policy: what is Mass Bill 201 CMR 17?

The Massachusetts data security regulations require that businesses develop, implement and maintain a comprehensive written data security program to protect the "Personal Information" of Massachusetts residents. The program contemplated under the regulations requires, among other things, identifying risks to Personal Information and evaluating safeguards, appointing an employee or employees to maintain the program, developing written security policies for electronic and physical files, and regularly monitoring the program. These regulations must be implemented even if security problems never arise.

Who does this affect?

All persons who store or manage Massachusetts residents' Personal Information are affected.

How do I know if I am affected?

If you or your business stores ANY physical files OR electronic data that contain a Massachusetts resident's Personal Information, including data stored on computers, laptops, external media, the Internet, or even in a filing cabinet, you are required to comply with the CMR 17 regulations.

Why was this law passed?

We have all heard about the data breaches experienced by large companies such as TJX and the costs related to a security breach, including class-action litigation arising from the damages caused to the individuals whose identity was stolen. Small to mid-size businesses are not expected to take the same steps a company such as TJX would need to take in order to protect Personal Information. However, if there is an audit or a security breach, the chances of liability increase greatly for companies that did not take reasonable steps to comply with the law and regulations.

When is the deadline?

The deadline for WISP compliance is now March 1, 2010.

What is a WISP?

A WISP is a Written Security Information Program, which details the steps you have taken and the procedures you have implemented to ensure compliance with the CMR 17 requirements.
This document will list the person(s) responsible for keys to cabinets, policies and procedures for storing and processing personal data, personnel security levels on the network, anti-virus license expiration management, firewall administration and security level, and various aspects of the necessary documentation.

How do I become compliant?

Through a coordinated effort utilizing software and business processes, we can help you take the steps necessary to comply with 201 CMR 17.00, to ensure that no one else will have access to your data!

Cyber Insurance: does your company need to have it?

Traditional business interruption policies focus on damage caused by fire or flood and do not consider Cyber attacks at all.
Cyber-insurance policies require higher premiums and deductibles because of challenges such as lack of quantifiable data on cyber-risk.
Depending upon the size of the company and the coverage required, premiums can run into the hundreds of thousands of dollars.


Artk Consulting Cyber Risk For CPA Firm

  • Business interruption, income, and expenses - These policies cover a company's loss of revenue and additional expenses caused by DoS attacks, viruses, hackers, and fraud. They may also cover a company's losses incurred as a result of disruption to the computer systems of others on which it relies.
  • Product or service failure - This coverage applies to legal actions attributable to the failure of a product or service.
  • Extortion - Such a policy covers ransom for valuable information.
Encryption

Most states have breach notification laws, and nearly all of them waive the requirement for notification where data has been encrypted. Whole disk and USB-stick encryption are the two most common places where encryption can be used. Imagine all of the free press you could get just by having an auditor lose their USB memory stick.

We encourage you to consider this list, as well as additional policies like third-party connection, acceptable use, and incident report, to ensure your firm is adequately protected on all fronts. Above all, make sure your firm actively enforces the policies and standards you establish because, no matter what kind of security you have in place, your firm is only as safe as your weakest line of defense.

Data loss, ID theft top malpractice concerns!

"We have even seen CPA client information stolen via dumpster diving."

In a rough economy, when liability claims against accountants tend to rise, it's especially critical for CPA firms to know exactly what their policy covers and to make any necessary adjustments.

"The hard issue right now is data loss, and every carrier is addressing it differently. For example, the American Institute of CPAs program and CPA Gold have both put out a cyber-security endorsement to their policies as a rider. Travelers took a different approach and just made changes to their base policy. Philadelphia has an endorsement which is sold as an additional premium, while some have not addressed the issue but are examining it to determine their position."

"The issue of data loss is becoming commonplace:"

"We're seeing it on a weekly basis with potential claims coming in as a result of stolen laptops, security breaches, and the like. It can result in significant costs to accounting firms just to notify current and past clients when something like this happens. Believe us, the last thing you want is to send out a letter to 3,000 people that they may be victims of a security breach because of you."