Respond to post below

· All posts (both initial and responses) must be substantial (several paragraphs each) and each of your initial posts must be supported by 3 peer reviewed or authoritative sources, not including the textbook, cited properly in APA format.

Discussion Topic Covered:

Review the video and using the library or other authoritative sources, discuss the importance of cyber security as new technology is introduced. Include in your discussion topics such as the basics of cyber security that impact the accounting profession, how you see the role of accountants changing as cyber security becomes more important and what new technology you found that will enhance cyber security.

Respond to this post:

In an increasingly technological world, where the amount of data collected and stored in clouds, computers, and other devices is also increasing, many of them representing sensitive information, from medical, financial, corporate, government, to military, cybersecurity has become an indispensable discipline.

Both organizations and individuals need to secure their computers, networks, mobile device, and the data stored on those devices from cyber-attacks. Cyber-attacks can be designed to erase or access the sensitive information of organizations and individuals and are often used to extort money from them. The consequences of cyber-attacks can be devastating and destroy important projects in areas that affect not only individuals but also countries or even the entire world.

Accounting firms are one of the preferred targets for cyber-attacks because of the financial and personal information of their clients that they have access to, and that they stored. We might think that large firms are the most affected, but in fact, small and medium-sized ones are more vulnerable. “Small and medium-sized accounting firms are often deliberate and primary targets for data theft. This is because they often host sensitive client data and can act as gateways to larger or more prominent parties. They also often lack the sophisticated defense infrastructure of larger firms. That’s why it’s more important than ever for accounting firms to understand which risks they might be vulnerable to, and to take steps to protect themselves.” (Politzer, 2020)

Some of the biggest cybersecurity threats observed today, that can result in criminal activity and impact accounting firms, include outdated or unpatched software — operating systems, software applications, browsers, firmware and middleware, anti-virus software, endpoint detection and response solutions that can leave firm’s systems open to attacks, and data breaches caused by employees, especially when personal device use for work-related activity is permitted. Former employees can also be a threat if IT termination processes are not well defined and rigidly practiced. Other weak points can include single-factor authentication protocols and weak passwords that can be uncovered with automated tools that use a combination of dictionary words and numbers to crack them and weak perimeter defenses. (Needleman, 2020)

There is no single security measure that protects against all cyber-attacks, so the best choice is to create a solid defense plan that uses several methods. It is not just about relying on technology to protect the business or organization, it is also very important to educate employees, because many times they are inadvertently the access point for cybercriminals, through email phishing attacks. Recently, I received an email in my work email signed by the president and CEO of the company where I work, inviting me to enter a link to provide him with information that he urgently needed. My first reaction was to want to give him that information as quickly as possible to make a good impression on him, but seconds later I began to question the email. The president of the company does not jump steps, if he needs information from the department, he requests it to the Director of it, and she then delegates the report to her subordinates, in this case, me. With that seed of doubt sown in my mind, I then decided to analyze the email in detail and that was how I discovered the scam. The president’s name was misspelled, and the email address had nothing to do with the company’s domain. I immediately informed the IT department; they took all the information to do their research and told me to delete the email. The IT director told me that I had done the right thing since most of the times that hackers had accessed company information was through links in emails that employees had innocently accessed.

Human error is too frequently the weak link that allows a security breach to take place. Errors occur when a careless user downloads a malware-infected attachment, fails to use strong passwords, or improperly handles data. Education is key to closing human error gaps. (Emery, et al., 2020)

The First step for effective protection begins with prevention, and for this, it is necessary to train staff about the risks of cyber threats and explain the basic protection measures such as not opening emails from unknown or suspicious sources, and using strong passwords, among others. Then, network-wide security solutions must be implemented, such as a strong firewall, multi-factor authentication, limiting access to data on the network, and keeping anti-malware and anti-spam software up to date.

It is also very important to have a good backup regime, with real-time backups, full capacity replication, and that it can be physically removed from the network to ensure that in the case of a malware infection it is not also infected.

References:

Emery, D., & Stark, C. (2020, January 24). Technology Touchstones for 2020. The CPA Journal. https://www.cpajournal.com/2020/01/17/technology-touchstones-for-2020/.

Needleman, T. (2020, March 5). Cybersecurity: Staying vigilant and safe. Accounting Today. https://www.accountingtoday.com/news/cybersecurity-staying-vigilant-and-safe.

Politzer, M. (2020, March 16). Top cyberthreats targeting accounting firms. Journal of Accountancy. https://www.journalofaccountancy.com/newsletters/2020/mar/top-cyberthreats-accounting-firms.html