Understanding Cyber Risks for Smaller Accounting Firms
NOTES & NEWS
Understanding Cyber Risks for Smaller Accounting Firms
On February 1 , 35 members of CPABC ’ s Sole Practitioners ’ and Small Firms ’ forums gathered for a joint session on cybersecurity at CPABC ’ s offices in Vancouver . The session was facilitated by Edward Pereira , CPA , CGA , and Magdalena Dytuco , CPA , CGA . Pereira is the founder of Carmel Info- Risk Consulting Group , which specializes in helping small and mediumsized firms — particularly those without dedicated information security functions — establish and sustain best practices for information security . He has served on the board of the ISACA 1 Vancouver Chapter , including as president , and is the co-founder of ISACA Vancouver ’ s “ BC AWARE Campaign 2017 ,” a privacy and security awareness campaign for British Columbians . Dytuco operates Dytuco Financial Services , which provides financial coaching and internal controls consulting services , and is also active with the ISACA Vancouver Chapter .
1
Previously known as the Information Systems Audit and Control Association .
2
Claudiu Popa for CPA Canada , “ Cyber-Security Opportunities for Smaller Accounting Firms – Working Towards Better Practices and Safeguards .” PDF available for download at cpacanada . ca .
Pereira told attendees that small businesses must plan for survival in the event of a catastrophic cyberattack , given the various risks in the digital environment , including data breaches and ransomware . Dytuco shared a systematic way for smaller businesses to assess and address the most common types of cyber risk . The need for increased awareness is significant . In 2013 , CPA Canada conducted a study of information security practices among smaller accounting firms and found that “ small accounting firms disclosed a surprising lack of adoption for some basic IT security practices and had limited knowledge of proper protection .” 2 The study also revealed that although 81 % of respondents were confident about their security , “ respondents from accounting firms were more likely … to indicate their organizations were deficient in at least these three key areas : 1 ) backing up systems off-site , 2 ) changing passwords regularly , and 3 ) having someone responsible for reviewing user accounting privileges and user accounts periodically .” CPABC and ISACA Vancouver are continuing to work together and expect to hold a joint networking event in the summer .
Cybersecurity experts Edward Pereira , CPA , CGA , and Magdalena Dytuco , CPA , CGA , at the February session .
KrulUA / iStock / Thinkstock
Want to strengthen your network and your knowledge base ? Join a forum .
Forums provide opportunities to connect with other like-minded professionals , expand your network , and deepen your knowledge of issues pertinent to your field . To join one of our member forums , visit bccpa . ca / members / volunteer-andmentor / member-forums .
CPABC in Focus • Mar / Apr 2017 15