CPA Practice Advisor

SEP 2013

Today's Technology for Tomorrow's Firm.

Issue link: https://cpapracticeadvisor.epubxp.com/i/160971


TECHNOLOGY IN PRACTICE

The In-Firm Annual IT-Security Employee Briefing

By Roman H. Kepczyk, CPA.CITP

Most organizations today assume that their IT personnel do an adequate job of protecting the firm's network and data by implementing and monitoring firewalls, keeping their operating systems/applications up to date, and mandating password changes on a scheduled basis. While each of these items may be a security best practice for protecting the network from an information technology perspective, Verizon's 2013 Data Breach Investigation Report pointed to 78 percent of network security intrusions being rated as "low difficulty" and 76 percent of network intrusions exploiting weak or stolen credentials, pointing to employees inadvertently being one of the root sources of security breaches. The solution to this problem is to make owners aware of their fiduciary responsibility in protecting firm and client data and to proactively develop a plan to minimize the risk of a breach caused by an employee mistake. Firms can accomplish this by making sure management is fully aware of IT security risks, reviewing and updating firm policies regularly, and educating all firm personnel through annual briefings and regular reminder training.

RISK AWARENESS: Information security has been the number 1 or number 2 item on the AICPA's annual Top Technology Initiatives list for over a decade, and the 2013 AICPA Survey also listed Managing IT Risk and Compliance at number 3, Ensuring Privacy at number 4, and Preventing and Responding to Computer Fraud at number 6.
The Verizon Data Breach report pointed out that 75 percent of security breaches were driven by financial motives, and accounting firms are an attractive target, which was highlighted earlier this year when a Connecticut firm's security was breached and data from over 900 client returns was compromised. Owners must know and understand what signifies a data breach in their own state, have a plan to mitigate and respond to a breach, and ensure employees know how to minimize the risk as well as how to respond if they do suspect a breach. The AICPA's IT Membership section has developed content to address the risks and there are many disaster and security resources

Roman H. Kepczyk, CPA.CITP, is Director of Consulting for Xcentric, LLC, and works exclusively with accounting firms to implement today's leading best practices and technologies. Roman recently updated his "Quantum of Paperless: A Partner's Guide to Accounting Firm Optimization," which is available at Amazon.com, and is a Certified Lean Six Sigma Black Belt.

September 2013 • www.CPAPracticeAdvisor.com
