Connect with us

Accounting

5 cybersecurity best practices for accountants

Published

on

There are striking similarities between the roles and responsibilities of accountants and cybersecurity professionals, particularly in their need for precision, data protection, and thorough scrutiny before adopting new technologies. Both are working with sensitive information in highly regulated environments, making trust a cornerstone of client relationships. 

As digital landscapes evolve and cyber threats become increasingly sophisticated, accounting professionals must prioritize solutions to combat this and expand their skill sets to include a proficient understanding of cybersecurity. By learning about and incorporating cybersecurity best practices into their firms, accountants can work to protect clients’ sensitive information while boosting their technological skills in an ever-growing digital world. 

Here are five cybersecurity best practices that can help accountants enhance and maintain client trust. 

1. Evaluate and vet third-party vendors and technologies. One of the first steps toward developing a comprehensive understanding of your potential cybersecurity risks is assessing your tech vendors — both the ones your firm is already working with and any that you consider for future work. Their cybersecurity practices have a direct impact on your firm, regardless of how safe and secure your own systems are. 

Find out if the vendors you work with have clear plans in place to not only protect from cybersecurity threats but also to quickly fix any problems that arise. Additionally, if your firm is working with multiple vendors and utilizing multiple platforms, determine how well they work with each other to ensure proper coverage.

2. Adopt a security-minded approach as part of firm culture. Accounting firms manage vast amounts of financial information for their clients, and this makes them a prime target for cybercriminals. 

While cybersecurity is not an accountant’s main job, it is important for all firm employees to take an active role in staying vigilant and knowing how to identify potential security threats. Phishing attacks remain one of the most common methods of cybersecurity intrusion since these attacks rely on human error — the area that is most vulnerable to a lapse in security.

p1a4dgvv3o1i4shms1kdo1hnr18fpe.jpg

3. Address human error quickly and completely. We’re all human, and we all make mistakes. Therefore, human error is still one of the most common ways for cybercriminals to bypass security protocols and gain access to protected information. Accounting firms need to make sure all employees are up to date on the latest cybersecurity protocols, and this information should be updated with regularity. 

Some common steps that can be taken include:

  • Hosting company-wide trainings to educate employees about cybersecurity best practices.
  • Limiting employee access to certain data and requiring different levels of permission to keep data secure.
  • Adding multiple levels of security — such as multifactor authentication or physical passkeys — to make it more difficult for bad actors to access sensitive information.

4. Prioritize process automation and security integration. Having a dedicated security team to provide regular updates to employees and handle any threats that arise is critical to protecting internal and client data. 

An internal security team is ideal because they will know firsthand — and in greater detail — what needs to be protected and which controls to implement, but for smaller accounting firms a virtual chief information security officer can be just as proficient for vetting, implementing, and maintaining and implementing cybersecurity solutions. Leaders will have to consider what makes the most sense for their firm, including whether or not workers are remote, in-office, or working in a hybrid capacity. 

Once a solution is identified and implemented, prioritize a comprehensive onboarding process to make these new processes and procedures as efficient and effective as possible.

5. Develop and implement risk management plans. As the cybersecurity landscape continues evolving, it will be necessary to maintain an understanding of where improvements can be made and where risks may be inadvertently introduced. The key for managing risk is to think proactively about gaps and risk vectors.  In some instances, this may require investments in new solutions if legacy systems cannot keep pace with necessary enhancements. While this may sound costly, it is certainly less than the costs — both monetary and reputational — of a data breach.

For firms looking to update or overhaul their tech stacks, this provides an opportunity to consolidate disparate systems into fewer, multifunction solutions. This kind of consolidation aids in cybersecurity efforts by reducing the number of different locations where data is stored — therefore reducing the amount of locations where an intrusion could occur.

Conclusion

While learning and implementing cybersecurity may sometimes present as a challenge, accountants should remember that they don’t have to do it alone. Cybersecurity professionals and trusted partners are there for support — be it with implementing new systems or dealing with a potential hack. Having a proactive approach to cybersecurity is in line with what it means to be an accountant — a trusted advisor and agent of client’s sensitive data.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Accounting

Report calls for fair value accounting on federal loans

Published

on

The National Taxpayers Union Foundation issued a report Friday saying that federal credit programs are costing taxpayers tens of billions of dollars more than estimated because the federal government isn’t using fair value accounting for loans.

The report says that In FY 2025, total federal credit assistance is projected to amount to $1.9 trillion in new direct loans and loan guarantees from 129 different federal programs. Much of this comes through mortgage guarantee programs, student loans, as well as commercial loans and consumer loans. 

Using the federal government’s standard accounting method under the Federal Credit Reform Act the subsidy cost estimate amounts to $2.4 billion. However, the conservative advocacy group contends the FCRA accounting method greatly understates the actual costs of federal credit programs by assuming that federal credit activities are as low-risk as government bonds. It said the Treasury rates are low-risk because they’re backed by the government, but federal credit programs depend on people and businesses actually paying back their loans. 

us-capitol-washington-dc.jpg
The U.S. Capitol in Washington, D.C.

Sarah Silbiger/Bloomberg

A more realistic fair-value method that accounts for market risk would incorporate a premium that reflects the additional compensation an investor would require to bear the risk, the report argues. The fair-value method would estimate the true cost of these programs at $65.2 billion, or $62.7 billion more than the FCRA estimate. 

“By adopting fair-value accounting standards, lawmakers can better evaluate the fiscal risks associated with these programs,” NTUF researchers Demian Brady and Nicholas Huff wrote in the report. “This may help ensure taxpayers are not forced to bear as much of a burden from risky ventures funded by federal loans.”

Continue Reading

Accounting

Taxpayer Advocate criticizes IRS move to shorten third-party notice requirements

Published

on

National Taxpayer Advocate Erin Collins is objecting to proposed regulations that would enable the Internal Revenue Service to shorten its third-party notice requirements to as little as 10 days, saying they would unfairly erode the taxpayer notice requirements.

In a blog post Thursday, Collins called attention to a notice of proposed rulemaking that would make exceptions to the 45-day notice requirement in the Taxpayer Protection Act of 2019 and the IRS Restructuring and Reform Act of 1998. The 1998 law included provisions giving taxpayers more protections in circumstances when the IRS intends to contact someone other than the taxpayer (a third party such as a tax preparer) to get information that will help the IRS assess or collect taxes. Prior to contacting a third party, the IRS had to provide taxpayers with “reasonable notice” of the contact.

In 2019, the Taxpayer First Act strengthened 1998 law’s taxpayer third-party contact protections, substituting the “reasonable notice” requirement for a 45-day notice requirement before contacting a third party. Collins noted there are three statutory exceptions to this 45-day notice requirement:

  • When the taxpayer authorizes the contact;
  • If the IRS determines for good cause a notice would jeopardize tax collection or may involve reprisal against any person; or,
  • If the contact is made with respect to any pending criminal investigation.

However, the proposed regulations that the IRS posted this spring would implement exceptions to the 45-day notice requirement, allowing the IRS to shorten the statutory 45-day notification period to 10 days when there’s a year or less remaining on the statute of limitations for collection and certain other circumstances exist. That includes when the case involves an issue where the IRS would have the burden of proof in a court proceeding, and the IRS has requested but the taxpayer has refused to extend the statute of limitations by agreement. Or, the 45-day notice requirement could be reduced to 10 days if there’s a year or less remaining on the statute of limitations and the IRS intends to ask the Justice Department file suit to reduce assessments to a judgment or to foreclose a federal tax lien.
Those exceptions could unfairly punish taxpayers for the IRS’s own delays, according to Collins. 

“The IRS typically has three years to assess additional tax and ten years to collect unpaid tax,” she wrote. “The Taxpayer Bill of Rights includes the taxpayer’s right to finality — meaning, the right to know the maximum amount of time the IRS has to audit a particular tax year or to collect a tax debt. The statute of limitations is an important component of the right to finality because it sets forth clear and certain boundaries for the IRS to act to assess or collect taxes.”

collins-erin-irs-aicpa-tax-conference.jpg

National Taxpayer Advocate Erin Collins speaking at the AICPA & CIMA National Tax and Sophisticated Tax Conference in Washington, D.C.

She believes the IRS could find itself trying to assess or collect taxes within one year of the statute of limitations for a number of reasons that have nothing to do with the actions or events controllable by the taxpayer. Collins called on the IRS to reconsider the proposed regulations and said Congress should consider enacting additional taxpayer protections for third-party contacts.

Continue Reading

Accounting

PCAOB settles sanction, revokes Chinese firm’s registration

Published

on

The Public Company Accounting Oversight Board today settled a disciplinary order sanctioning  a Chinese firm for repeatedly violating PCAOB rules and failing to cooperate with the board’s investigation. 

The PCAOB found that JTC Fair Song CPA Firm, located in Shenzhen, China, repeatedly failed to make required filings. First, the firm repeatedly failed to timely report the participants in its issuer audits on PCAOB Form AP, violating PCAOB Rule 3211, Auditor Reporting of Certain Audit Participants. Second, the firm failed to timely file its annual reports on PCAOB Form 2 in 2021, 2022 and 2023, violating Rule 2201, Time for Filing of Annual Report. 

The firm also failed to cooperate with the PCAOB’s Division of Enforcement and Investigations by refusing to produce documents and information.

PCAOB logo

“All registered firms must comply with PCAOB reporting requirements, which are designed to provide the PCAOB, investors and other stakeholders with important information,” PCAOB chair Erica Williams said in a statement. “When firms don’t comply, the PCAOB will use the tools at our disposal to hold them accountable to fulfill our investor-protector mission.”

Without admitting or denying the findings, JTC Fair Song CPA Firm settled with the PCAOB and consented to a disciplinary order censuring the firm and revoking the firm’s registration. The board accepted the firm’s settlement offer, which does not require it to pay a civil money penalty. The PCAOB would have imposed a $50,000 penalty if it had not taken the firm’s financial resources into consideration.

“Today’s order should serve as a stark reminder that firms must cooperate with the Board’s investigatory process,” Robert Rice, director of the PCAOB’s Division of Enforcement and Investigations, said in a statement. “Cooperation with the Board’s processes is a bedrock principle under our rules and standards and is not optional.”

Continue Reading

Trending