It is critical that accountants be up to date and aware in the area of cybersecurity to safeguard the client and corporate financial information.
Poor communication between managers and the application of fundamental risk management cybersecurity practices needs to be applied more consistently throughout a large percentage of firms.
One of the main problems is that convenient practicality does not add up to security. A good example is working through an unsecured WI-Fi network because it’s there and available, with no thought that a cyber-criminal is in fact waiting to take advantage of the situation.
Not saying that accounting professions don’t take this seriously as do most financial professionals because they are trusted with this information. But we are at a point, that almost daily you hear about a fortune 500, government body or some other organization that has been breached. I personally have observed some sort of disconnect in the mid-size to smaller accounting firms where a breach could be catastrophic in the terms of reputation, loss, and actual business survival.
In the case of auditors they seem more concerned about cybercrime (58 percent for auditors compared with 48 percent for accountants). Only 27 percent of accountants felt their firms adhered to Control Objectives for Information and Related Technologies standards, whereas 43 percent of auditors believed their firms followed the standards.
This shows several contradictions between the realities of day-to-day practice and the theory of cybersecurity best practices.
With easy to install and use solutions such as secure data transfer one would have to ask themselves why would those percentages not be much higher. Especially when dealing with sensitive client and corporate financial information.