CPA Practice Advisor

APR 2015

Today's Technology for Tomorrow's Firm.

Issue link: https://cpapracticeadvisor.epubxp.com/i/494869


42 April 2015 • www.CPAPracticeAdvisor.com

BRIDGING THE GAP

Security - A Balancing Act for Accounting Firms

By Jim Boomer, CPA.CITP

Security has been a top priority for firms for years. It has consistently ranked at or near the top of the AICPA's annual top technology initiatives. So why does it seem there is more chatter now on the topic than in recent years? The fact is, we can't read today's headlines without regularly coming across another breaking story about the latest major security breach. Add in social media and we feel like we are under constant attack. So what can you do about it?

Risk Based Approach

Gartner lists Risk-Based Security and Self-Protection in its Top 10 Strategic Technology Trends for 2015 and states, "Organizations will increasingly recognize that it is not possible to provide a 100 percent secured environment." This indicates we need to think differently about security than we have in the past. Traditionally, organizations have spent most (if not all) of their security budget on the goal of risk elimination. In today's environment, you have to adjust to more of a risk management approach and broaden the focus beyond simply prevention.

A Balancing Act

The IT department is charged with keeping the firm's systems and data safe and that responsibility continues to become more challenging as IT is increasingly being asked to perform a balancing act. The first balance area is between prevention and mitigation/response. More and more CIOs are recognizing that as Gartner predicts, it is becoming difficult (if not impossible) to ensure that we don't fall victim to a cyber-attack. As such, firms are being forced to allocate their limited resources between keeping hackers out and developing a rapid response plan in the event they do get in.

Second, IT is being asked to walk the tight rope in finding the right equilibrium between the firm's security requirements and end user's demands. While fielding demands for greater firm security, IT is also being pushed to increase convenience and ease of use of the technology tools. Often, these two are polar opposites and with the increased consumerization of IT and growing BYOD policies, the exposure to easy-to-use consumer products is strengthening the demand for the same in the workplace, often at the expense of the security of the firm's data.

For both of these balancing acts, there is no magic formula for the right allocation of focus and resources. The split will need to be determined by each firm on an individual basis depending on the level of risk the firm and IT are willing to assume. The level of preparedness to appropriately handle an incident will also play into this decision.

Less Likely to Be a Target

A lot of security criticism today centers on the cloud and the fact that the client is a bigger target. This is primarily driven by the amount of coverage that cloud breaches receive in the media. The reality is that we are at high risk whether our firm is in the cloud or remains On-Premise. Take the recent examples of Target and Home Depot, both of these massive breaches happened with in-house systems and data.

The other argument I hear often is that we are less likely to be a target because we are a much smaller organization than the major corporations that are regularly getting hit. To this I would submit that small organizations are also getting targeted as much (if not more) than the big guys. They just don't make the headlines. While they aren't the badge of honor that a Microsoft or Google would be to hackers, small firms often present a less sophisticated security system and take longer to detect a breach. This widens the window of opportunity for which sensitive data can be siphoned from the organization before the breach is discovered.

Conclusion

While it may appear that it is all doom and gloom around security these days, the fact is that we can start taking steps to better plan and prepare ourselves. By approaching the challenge from a risk-management perspective, we can prioritize our investments in prevention and also start to allocate resources to prepare for mitigation and response. It simply requires a change in thinking about the problem.

Jim Boomer is a shareholder and the CIO for Boomer Consulting, Inc. He is the director of the Boomer Technology Circles™ and an expert on managing technology within an accounting firm. He also serves as a strategic planning and technology consultant and firm adviser in the areas of performance and risk management. In addition, Jim is leading a new program, The Producer Circle, in collaboration with CPA2BIZ and the AICPA. jim.boomer@cpapracticeadvisor.com
