Definitive Guide – CPA Cybersecurity


CPA firms are entrusted with vital client financial information. This trust comes with an inherent level of responsibility to protect privileged information and ensure that it is secure. You may also have a legal obligation to do so, depending on your area of service.  With that in mind, having adequate cybersecurity for your CPA firm is a must. Failing to do so can result in significant losses and compounding financial consequences for your firm and your clients. 

From July 2018 to April 2019, the worldwide average cost of a cyber-attack-related data breach was nearly $4 million. For smaller organizations that employ under 1000 employees, this figure was $2.65 million. Larger firms experienced nearly double the losses, with an average cost of $5.11 million, according to an IBM report.

What Does CPA Cybersecurity Mean for your Firm? 

Generally speaking, cybersecurity is a broad term that refers to a suite of different services and tactics that are used to protect your data from a breach. Hackers can utilize a wide array of attack vectors to access your client’s information. This means that your cybersecurity approach has to be multifaceted, as well. 

Cybersecurity for your firm will involve the use of tools and services such as managed services and managed security services, which include next-gen anti-virus software, managed endpoint detection and response, and multi-factor authentication. A successful cybersecurity program will also include the development of training and policies to govern employee conduct. You must also test your defenses with phishing and penetration testing on a regular and ongoing basis, at a minimum yearly. These practices are key parts of maintaining security within your organization.

How Can Hackers Breach My Firm’s Data? 

The goal of hackers is to acquire sensitive or confidential information that can be used for profit. They use malware and social engineering to accomplish this. Malware is a blanket term for any software that seeks to act maliciously against another server, network, or computer, while social engineering can be broadly defined as exploiting or manipulating a person to gain sensitive information or access into a system. 

Here are some of the most common forms of malware and social engineering that could potentially be used against your CPA firm: 

The average cost of remediating a ransomware attack is $761,106

Ransomware 

As you might have guessed, ransomware works by restricting your access to vital data until you pay a fee or ransom. The most common way of distributing ransomware is through email. The software is included in an attachment or as a link within the body of the email. If an employee opens the attachment or clicks on the link, they will unwittingly distribute the ransomware. One of the most infamous, and profitable, strains of ransomware was WannaCry. It has been estimated that WannaCry infected over 200,000 systems worldwide and caused over $4 billion in damages in only one month.


While any data breach can be extremely costly, ransomware can be especially frustrating. Based on information collected by IBM, it was determined that ransom amounts range from $100,000 for smaller firms to $2.6 million for larger firms. To make matters worse, there is no guarantee that you will get your data back, even if you pay the ransom. 

Phishing 

Another common ploy used by hackers is known as phishing, a form of social engineering. Like ransomware, phishing breaches are accomplished through email. They are formatted so that they appear to be from a known contact or trusted company. The goal is for the receiver to reveal personal information that may assist the hacker in obtaining passwords, credit card numbers, and banking details. 

There are two sub-types of phishing, which are known as whaling and spear phishing. The term whaling refers to the specific targeting of executives, as they are more likely to have high-value information. Spear phishing occurs when the hacker researches their target and personalizes the email. They often claim to be someone from the target’s contact list and may ask for help in dealing with some fictitious hardship. 

A recent high-profile spear phishing attack involved Sony, where a group of attackers used popular social platforms to gather information, such as employee names, titles, and email addresses. Armed with that information, the attackers posed as company colleagues and were able to successfully carry out the cyberattack, which caused Sony $100 million in damages.

75% of organizations around the world experienced some kind of phishing attack in 2020

Vishing and Smishing 

Similar to phishing, both vishing and smishing are forms of social engineering in which attackers try to gain access to sensitive information and data; however, the technology used by the attackers is different.

With vishing, attackers target their victims over the phone. The attackers will manipulate human emotions, such as fear, empathy, or greed, to get the sensitive information they want. The attacker may also use a spoofed caller ID, masking their true identity. One of the most prolific examples of vishing is IRS impersonation calls. Another common type of vishing scenario, and more dangerous for CPA firms, is when the attackers impersonate someone from the IT Department.

With smishing, attackers use SMS to target their victims with the same goal in mind: to gain sensitive information. The most common smishing attacks involve attackers claiming to be your bank or a large company. The message will indicate there has been an issue with the victim’s account, and the victim will need to click on a link to correct the issue. That link will redirect the victim to a malicious website, and once the victim enters their credentials, the attack has succeeded.

Spoofing 

Spoofing is often referred to interchangeably as a “man-in-the-middle” attack and can be especially dangerous to CPA firms. During a spoofing attack, hackers hijack the communications between you and your clients and often pair this attack with ransomware or phishing.

Insider Threats

Insider threats are a means of completely circumventing certain cybersecurity measures, such as firewalls. This type of breach occurs when a trusted party copies vital company information that can cause financial damage. 


The “insider” could be an employee, contractor, or disgruntled former employee. These types of threats must be addressed through adequate training and good internal security practices. A highly publicized example of an insider threat was the Target hack, where one of their vendors, who had access to data, was compromised. Because the vendor had access to data and bypassed security, the attackers had direct access to data. This is an event I will never personally forget because I had fraudulent charges posted to my credit cards.

Network Security Gaps

Network security is a broad term. Essentially, it means that all of your network devices and network traffic are protected against attacks. With poor network security or unmanaged devices, your network could be exposed to an attacker gaining quick and easy access to your network and data.

68% of business leaders feel their cybersecurity risks are increasing

One of the most common network security concerns is remote work. If you are connecting to your office or your cloud applications remotely for data, how secure is that connection? How do you prevent malicious attackers from connecting to your office or your cloud applications? Can you audit the connection to see who has been logging in and when, and what data they were accessing?

Malicious Mobile Apps 

Mobile apps are becoming more and more feature-rich, with many that perform just as well as desktop apps. Just look at popular apps such as the Office 365 Suite and QuickBooks. For most users and use cases, 90-100% of their day-to-day work can be done on a mobile device. It is this shift in how we work that is causing a shift in where cyberattacks are happening. 

Mobile devices can be compromised by the same threats that attack desktops and laptops, including spyware, malicious downloads, viruses and trojans, and browser exploits. Once a device has been compromised, all exploits operate the same way and target personal information and account credentials. By granting access permissions to mobile apps, you could be allowing the app to harvest data, which can be sold or used for another attack. For example, if you granted an app rights to access your SMS, the app can intercept all of your multi-factor authentication codes, which completely negates the additional layer of security provided by MFA.

Physical Access Security

Lastly, attacks can happen due to a lack of physical security. No guide will be complete without addressing physical security. Simply put, a physical security threat is a situation where an attacker has physical access to sensitive information. This can include everything from papers on your desk, your file cabinets, your IT closet, your laptop, and your mobile device. 

Fingerprint scanning is the most common type of biometric authentication

These attacks can happen in your office or your home. According to a survey from Kensington, a laptop is stolen every 53 seconds. One of the most recent high-profile events involving laptop theft was at the US Capitol, where laptops were stolen with the intent of selling them, data included, to a foreign government.

Why Are CPA Firms Targets for Attack? 

The primary goal of most cybersecurity attacks is to acquire valuable information. Since CPA firms handle client accounts and financials, they present a ripe target for hackers. Your firm also serves as a repository for personal information that can potentially give hackers access to additional accounts. 

CPA firms not only have the information that hackers want, but they typically have a large number of clients. It is not uncommon for a CPA firm to have one professional for every 50-100 clients. When large client counts are paired with poor or inadequate cybersecurity training, the chance for human error is compounded. All it takes for cyberattacks to be successful is for one employee to open a malicious email. 

Why a CPA Firm Needs to Address Cybersecurity 

CPA firms are first and foremost a service-based industry. As with any service industry, your success is dependent upon client satisfaction. With that in mind, addressing cybersecurity will allow you to best serve your clients both now and in the future. 

When your client knows that you take cybersecurity seriously, they will have the confidence necessary to trust you with their valuable information. You can also protect your data and assets along the way. 

As mentioned above, the costs of a data breach can easily exceed $1 million. While this figure alone is enough to encourage you to address cybersecurity concerns, there are many hidden costs associated with a major breach. If your firm is the victim of a data breach, you will likely face substantial litigation expenses and lost time. Client trust can also be irreparably damaged. 

Litigation Costs

Malware claims, including ransomware, have risen to 18 percent of all cyber claims in 2019, up from an average of 12 percent over the past five years

Many firms attempt to insulate themselves from cyber-attacks with cyber insurance. However, your policy may not even come close to absorbing all of your court costs. You may have to conduct a forensic discovery, retain outside counsel, and pay for remediation. 

You may also have to hire an outside organization to conduct a “determination of exfiltration of data.” A firm will complete this task to determine how and when your data was breached. There are stringent reporting requirements that will also be very demanding on your time and resources. The cost of these various stages of litigation typically ranges from $70,000 to $300,000. 

Lost Time and Resources 

Cybersecurity breaches are not only taxing financially, but they can also cripple your firm’s ability to conduct business for weeks, if not months. According to IBM, the average amount of time between a data breach occurring and being discovered is roughly 197 days. Most companies take an additional 69 days to contain the breach. 

If hackers breach your firm, you must ensure that you disclose the breach within the allotted time frame. Failing to do so can open you up to additional fines and lawsuits. Business partners, consumers, and independent entities also have the option to pursue civil litigation. The easier solution is to address cybersecurity before it becomes a problem. 

Reputation Damage 

Client trust is critical to every business but even more so for a CPA firm since they hold a large amount of sensitive client data.  

According to IDC, 80 percent of consumers will defect from a business if their information is compromised in a security breach. This translates into the loss of clients, loss of new sales, and an overall reduction in profit. 

Compliance Requirements 

While there are no set compliance guidelines or requirements for CPA firms, unlike the SEC for financial services and HIPAA for healthcare, compliance for CPA firms should not be optional. Not only is it good business to protect your firm and stop cybercrime, but most firms are also subject to some form of personal data breach law enacted by individual states.

Specific to New York State, if your firm violated any state or federal acts regarding cybersecurity, you could be subject to additional penalties. For example, The SHIELD Act requires that any business involved in the licensing of computerized data “maintains reasonable safeguards” if they are handling the private information of New York residents. In some cases, you may be required to pay for credit monitoring and reporting services that could cost you an additional $100,000 or more. 

Additionally, many of your clients may fall under a specific set of cybersecurity and compliance regulations and requirements, which means you as the CPA firm are in their supply chain. Being part of their supply chain will require that you meet the same level of cybersecurity and compliance as your clients. If your firm cannot meet those requirements, it will lead to client attrition.

What is The SHIELD Act? 

The threat of a cybersecurity breach and the risk of substantial financial loss can provide plenty of motivation for your firm to take data protection seriously. However, some jurisdictions are also proactively addressing cybersecurity issues through legislation. 

One such law is known as the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). This New York State bill became effective on March 21, 2020. The SHIELD Act serves as an amendment to New York’s existing state technology laws as they relate to data breaches and security. 

Among the measures introduced in the SHIELD Act is a requirement for certain businesses to “implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of private information.” The act is unique in that it applies to your firm based on the location of the client. If your database houses the private information of a New York resident, then you will be held liable under the SHIELD Act, regardless of where your firm is located. While these acts are not used throughout the nation just yet, they will likely become increasingly prevalent as our reliance on technology continues to climb. 

The average cost per lost or stolen record in a data breach is $150

Misconceptions of Cybersecurity

Despite its importance, many firms neglect cybersecurity. Many misconceptions discourage business owners from even pursuing the matter. Some business owners believe that cybersecurity is too complex or too costly. Other firms believe that it is not a priority because they are not a large organization or that an attack simply couldn’t happen to them.

These ideas are dangerously untrue. With the continued trend towards a digital society, the importance of having adequate cybersecurity cannot be overstated. 

It’s Too Complex 

Even if you are not the most technically savvy person, having good cybersecurity is an obtainable goal for your firm. Many businesses can overcome IT limitations through the use of managed services. These packages allow businesses to get the protection they need from an easy-to-understand service. 

It’s Too Expensive 

Protecting your firm from data breaches is much more affordable than you might expect. Many cybersecurity plans are scalable. A CPA firm that employs 100 people does not have the same demands as a firm responsible for 1000+ personnel. As such, their costs will be lower. 

It’s Not a Priority 

As you can see, cybersecurity breaches can be extremely costly and can take months to overcome. The resounding effects of a breach can hinder your firm’s success for years to come. Any person or organization must make the protection of their data a priority. Otherwise, they will pay for it later. 

Supply chain cybersecurity risk warnings increased by 80% in Q2 2020

What Are Managed IT Services?

Simply put, the term Managed IT Services refers to the process of outsourcing responsibilities or tasks. In terms of data protection, managed security services might mean hiring a third-party vendor to organize and manage your cybersecurity plan. Through managed services, you can maximize your allocation of resources. 

If you were to do everything in-house, you would need a self-sufficient IT department. Building a team capable of meeting your cybersecurity needs would be much more time-consuming and costly than outsourcing.  

An additional benefit of outsourcing is that you can even expand the involvement of a managed services provider to include all of your information technology needs. 

Pillars of Effective Cybersecurity 

Now that you have a better understanding of the risks facing your CPA firm, it is important to put a process in place to address these risks using industry-standard best practices and learn how a managed services provider can help you implement best practices to protect your firm. 

There are five pillars of a successful cybersecurity plan, which are to identify, protect, detect, respond, and recover. By addressing all five of these pillars, you can keep your data safe and secure. 

Identify 

The first step to a secure organization is to identify assets and resources. Without an accurate inventory of your assets and resources, you simply cannot plan to protect them. Your Identify process must properly identify and manage data, staff, devices, systems, policies, and processes. These assets and resources should be prioritized by their importance and your organization’s objectives.

Part of the Identify pillar also requires an understanding of the business context. For example, do you know which cloud providers are in use to store client data, and why? Having multiple cloud providers opens up additional security risks, since data is living in multiple places, making it much more difficult to manage (a situation also known as Shadow IT).

Identification is accomplished by implementing proper asset and resource inventory controls and lifecycle management. There are many automated tools available that provide a real-time inventory of assets and resources by user, location, and access.  

In addition, your CPA firm must maintain procedures, processes, and policies to monitor and manage operational, legal, environmental, and regulatory requirements. This starts with the creation of information security policies and management. Having clearly outlined procedures can help to mitigate the risk of a negligent act that could result in a data breach.

Once you have identified assets and created policies, you should turn your focus to risk assessment. Do you have a procedure to understand the cybersecurity risks faced by your organizational operations?  This includes factors such as your functions, reputation, public image, and mission.  

A cybersecurity risk assessment is a formal process whereby your firm identifies, analyzes, and prioritizes the risks that result from operating and using an information system. Risk assessments are typically performed by a third party, though “self” risk assessments are an option and are typically performed before a third-party assessment. The result of the cybersecurity risk assessment will inform key stakeholders of the current cybersecurity posture and help formulate a firm-wide risk management strategy.

Two key components of a cybersecurity risk assessment are penetration testing and phishing tests.  

Penetration testing is essentially a simulated cyberattack against your firm. These simulated attacks can be performed with or without advance notice to your firm’s staff (though the pen test must be signed off by a key decision maker) and with or without prior knowledge of your network’s internals.

The results of a penetration test will provide intelligence for your firm to make decisions on what gaps in cybersecurity will need to be addressed. 

A phishing test is similar to a penetration test, except it seeks to identify the vulnerability of your staff, not your network. Users are typically sent an email that looks authentic, except it contains a malicious link. If the user clicks on the link and completes the request, such as entering a username and password, the user is redirected to an education page where they can learn more about phishing and how to prevent future phishing attacks from succeeding. Stakeholders will also receive reports on the effectiveness of the phishing test and actions to take to strengthen staff awareness, which will typically be security awareness training.

The next aspect of the “Identify” stage is to develop a risk management strategy. This requires a clear understanding of your firm’s constraints, assumptions, risk tolerances, and priorities. You should use this information to support operational risk decisions. Risk management is dependent upon effective compliance management and information security management. 

The last step in the “Identify” process is to recognize supply chain risk management protocols. This stage involves understanding the risk tolerances associated with third-party vendors. Making wise decisions in your selection of vendors is vital to keeping your data secure. Supply chain management has become a major focus area for regulators as this is an increasing source of attacks.

Protect 

After assets and risks are identified and addressed through policy, you must take steps to proactively protect your firm.  

As mentioned above, insider threats are one of the many weapons wielded by hackers. Effective identity management and access control should be a central part of your cybersecurity plan. This involves the following protections that should be considered a baseline for your overall cybersecurity and compliance policy. Not only do these protections prevent most attacks, but they are also the easiest to implement.  

300 million fraudulent sign-in attempts into Microsoft's cloud daily

The following are tools and processes to consider to protect your environment.

  • Multi-Factor Authentication (MFA) 

MFA requires users to authenticate using something in addition to a username and password. Think of it as a layer of security that makes it incredibly difficult for attackers to get past, very similar to when you are logging into your bank’s website. By adding secondary authentication for your network and cloud resources, MFA prevents 99.9% of attacks on your user identities.

  • Mobile Device Management (MDM)

Mobile devices, including smartphones and laptops, are where work is being handled, and the trend is that they will continue to handle more and more workloads. With MDM, your firm can gain control of your mobile devices, whether they are corporate-owned or Bring Your Own Device (BYOD). Some of these controls include enforcing application whitelisting, enforcing encryption, and enabling backups.

  • Single Sign-On (SSO) 

SSO allows your firm to log in and access resources across multiple networks and providers with just one set of credentials.  

Not only is it a pain for your staff to remember multiple credentials, but SSO also provides your firm additional security by enabling centralized credential management: one location to manage all user access, which limits the attack surface that can be exploited.

  • Conditional Access 

With the shift towards cloud computing and remote work, conditional access provides your CPA firm with additional levels of security by verifying that the users and devices attempting to connect to network and cloud resources should actually be allowed to access them.

You might be thinking, isn’t access always conditional? No. Traditionally, all a user needed were the credentials.  Now, we can enforce additional policies, such as time of day, location, impossible travel, and device compliance.  If a user or a device does not meet corporate requirements, it will not be allowed to access resources, period. 
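To make the policy conditions above concrete, here is an added example (not code from the original guide or any identity provider) that evaluates a constructed sign-in log against three of them: device compliance, time of day, and impossible travel. The sign-in records, the coordinates and the 900 km/h speed threshold are assumptions chosen for illustration.

```python
"""Conditional-access style checks over a constructed sign-in log.

Added example, not the guide's code. In a real deployment the events would
come from the identity provider's sign-in audit log; here they are embedded
constructed samples.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: faster than any commercial flight, so any implied speed
# above it between two sign-ins is physically impossible.
MAX_PLAUSIBLE_SPEED_KMH = 900.0


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime          # timezone-aware UTC timestamp
    lat: float
    lon: float
    device_compliant: bool  # as reported by MDM enrolment


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def evaluate(events, business_hours=(7, 20)):
    """Return a list of (user, timestamp, reason) findings.

    Checks: device compliance, UTC hour outside business_hours, and
    impossible travel (implied speed between a user's consecutive sign-ins
    above MAX_PLAUSIBLE_SPEED_KMH, or two far-apart sign-ins at the same instant).
    """
    findings = []
    last_seen = {}  # user -> previous SignIn, in time order
    for ev in sorted(events, key=lambda e: e.when):
        if not ev.device_compliant:
            findings.append((ev.user, ev.when, "non-compliant device"))
        if not (business_hours[0] <= ev.when.hour < business_hours[1]):
            findings.append((ev.user, ev.when, "outside business hours"))
        prev = last_seen.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600.0
            # The 50 km floor ignores ordinary jitter in geolocation of one city.
            if dist > 50 and (hours == 0 or dist / hours > MAX_PLAUSIBLE_SPEED_KMH):
                findings.append((ev.user, ev.when, "impossible travel"))
        last_seen[ev.user] = ev
    return findings


# Constructed sample sign-ins (users, places and times are invented).
SAMPLE_SIGNINS = [
    SignIn("alice", datetime(2021, 3, 1, 9, 0, tzinfo=timezone.utc), 40.71, -74.01, True),    # New York
    SignIn("alice", datetime(2021, 3, 1, 10, 30, tzinfo=timezone.utc), 51.51, -0.13, True),   # London, 90 min later
    SignIn("bob", datetime(2021, 3, 1, 9, 15, tzinfo=timezone.utc), 40.71, -74.01, True),
    SignIn("bob", datetime(2021, 3, 1, 15, 0, tzinfo=timezone.utc), 40.75, -73.99, False),    # nearby, unmanaged device
    SignIn("carol", datetime(2021, 3, 1, 23, 30, tzinfo=timezone.utc), 40.71, -74.01, True),  # after hours
]

if __name__ == "__main__":
    for user, when, reason in evaluate(SAMPLE_SIGNINS):
        print(f"{when.isoformat()} {user}: {reason}")
```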

  • Leaked Credential Monitoring 

Your credentials are the keys to gaining access to your network and resources. Unfortunately, most people reuse the same 2-3 passwords for every service, from news sites to e-commerce sites to video streaming. Cybercriminals understand this, so they harvest credentials and attempt to use them through credential stuffing. By monitoring whether your credentials have been compromised, you gain the advantage of knowing when your accounts are at risk, which allows you to take corrective action.

The average company with 200 to 500 employees uses about 123 software-as-a-service (SaaS) applications these days

  • Self-Service Password Reset 

Having to reset a password is probably a regular occurrence for most people. It’s time-consuming, a little annoying, and drains productivity. Self-service password resets address these issues. It also provides additional security by removing a layer of risk, since a user will not have to share any sensitive information to have a password reset, nor would the user expect to receive password reset emails from “Jim from IT”, reducing the success of phishing attempts.  

  • Security Awareness Training

Some of the most effective cyber-attacks rely on human error. With that in mind, the next step to protect your data involves raising employee awareness of cybersecurity issues. Your staff must be trained on data security best practices that are consistent with your existing policies and procedures. Even the best software can be circumvented if a staff member falls prey to a phishing or ransomware message. 

The third aspect of protecting your organization involves data security. Your firm’s records should be managed consistently with your risk strategy. By doing so, you can protect the integrity, confidentiality, and availability of information. The following tools should work together and be part of your data security and risk strategy: 

  • Next-Gen Anti-Virus (NGAV)

Long gone are the days of virus definition updates, where once a week or more recently, once a day, your anti-virus software will get definitions, which are basic instructions for the software to determine what is a virus and what is not. Now, with many exploits happening in real-time and spreading in hours, traditional anti-virus can’t get updates promptly.  

Enter NGAV, which uses artificial intelligence, data analysis, cloud scanning, and feeds from worldwide intelligence agencies, to detect and stop threats before they are even known. 

  • Cloud App Security

For most firms, applications and data are primarily, if not exclusively cloud-based. This offers obvious benefits of flexibility and security. However, it does introduce new security challenges and complexities. Cloud App Security acts as a broker between your users and cloud resources, regardless of whether the resources are approved for corporate use.  

For example, perhaps you have a CPA that is using Dropbox to communicate with clients, and Dropbox is not supported according to your information security policy. Cloud App Security can detect, log, and even shut down access to this resource. This reduces the attack surface of your firm and reduces the risk of data loss. 

  • Data Loss Prevention

After identifying the data across your whole environment, classifying it within your network and cloud resources is the first step to preventing data loss. By classifying data, such as employee confidential information, client confidential information, routing numbers, social security numbers, etc., your firm can leverage Data Loss Prevention, which ensures employees do not send sensitive information outside of the environment. These controls can be automated so that, for example, no social security number can ever leave the environment.
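As an added illustration of the classify-then-block control described above (not the guide's code or any vendor's DLP engine), the following scanner tags social security numbers and bank routing numbers in outbound messages and applies a "never leaves the environment" rule. The sample messages and the identifiers in them are constructed; the structural SSN rules and the ABA routing-number checksum are the published ones.

```python
"""Minimal outbound-message DLP check for two of the data classes the guide names.

Added example, not the guide's or any product's implementation. The internal
domain name and the sample messages are assumptions for illustration.
"""
import re
from typing import List, Tuple

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Nine consecutive digits that are not part of a longer number or a dashed SSN.
ROUTING_RE = re.compile(r"(?<![\d-])(\d{9})(?![\d-])")


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """SSA structural rules: areas 000, 666 and 900-999 are never issued,
    and neither are group 00 or serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def is_valid_routing(number: str) -> bool:
    """ABA checksum: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) must be a multiple of 10."""
    d = [int(c) for c in number]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0


def classify(text: str) -> List[Tuple[str, str]]:
    """Return (data_class, masked_value) for every sensitive token found.

    Masking keeps only the last four SSN digits / first four routing digits so
    the finding can be logged without re-leaking the value.
    """
    findings = []
    for m in SSN_RE.finditer(text):
        if is_valid_ssn(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    for m in ROUTING_RE.finditer(text):
        if is_valid_routing(m.group(1)):
            findings.append(("routing_number", m.group(1)[:4] + "*****"))
    return findings


def outbound_decision(text: str, recipient: str, internal_domain: str) -> str:
    """Policy from the guide: classified data never leaves the environment."""
    findings = classify(text)
    external = not recipient.lower().endswith("@" + internal_domain.lower())
    if findings and external:
        return "block"
    if findings:
        return "allow-internal"  # stays inside the firm, but still worth logging
    return "allow"


# Constructed sample messages: (body, recipient). "firm.example" is the assumed internal domain.
SAMPLE_MESSAGES = [
    # SSN that passes the structural rules, sent to an outside address -> block
    ("Hi, the client's SSN is 219-09-9999 for the 1040.", "tax@external-example.com"),
    # routing number that passes the ABA checksum, internal recipient -> allow-internal
    ("Wire to routing 123456780, acct ending 4421.", "partner@firm.example"),
    # nine digits that fail the checksum and an SSN with an invalid area -> allow
    ("Ref 123456789, ticket 000-12-3456 closed.", "client@external-example.com"),
]

if __name__ == "__main__":
    for body, to in SAMPLE_MESSAGES:
        print(outbound_decision(body, to, "firm.example"), classify(body), to)
```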

  • DNS Filtering

As many as 65% of people reuse the same password for multiple or all accounts

The vast majority of phishing starts with a user clicking on a malicious link. By having advanced DNS Filtering in place, your firm will be protected from these malicious links, wherever your users work. 

  • Intrusion Prevention

There are hundreds or thousands of breach attempts on your firewall daily. It’s just a fact and part of doing business. Sometimes, these attacks are successful because they exploit vulnerabilities that a standard firewall cannot detect. Once inside, the attacker can get away with anything from shutting down your network, to accessing sensitive data, to continuously spying on your staff while waiting for the right time to infect the network with malware and demand a ransom.

With an Intrusion Prevention System, all traffic into and out of the network is examined, including breach attempts, and any threats that are detected are stopped.

  • Data Encryption

Data lives in many places now: on your network, in the cloud, and on mobile devices. It’s mobile devices that are most susceptible to data theft in the event the device is lost. All a criminal needs to do is take the hard drive out and stick it into another computer or reader. Data encryption seamlessly scrambles the data so that even if a criminal had physical access, they cannot unscramble it without your key.

Once in place, these protection measures will require maintenance. You should repair or update your information systems at regular intervals. This includes installing patches as scheduled or even incorporating on-demand patching so that any updates or fixes can be installed immediately. These cybersecurity solutions must be appropriately managed, and audited regularly, to ensure that they are functioning as intended. Doing so will help to guard against lapses in protection. Appropriate management includes: 

  • Technology Strategy Management

Having an overall Technology Strategy Management plan that includes auditing and maintenance processes for the entire environment is a must. Without a concrete plan, how would your CPA firm aim for and achieve success? By partnering with a third-party Managed Services Provider (MSP), your firm gains access to a vast pool of talent and resources, as well as experience across hundreds of clients. With that knowledge, your MSP can help you craft an appropriate Technology Management Plan that helps you assemble the best combination of tools and services, and regularly schedule audits and reviews.

  • Infrastructure Management

Even with the best people, tools, policies, and procedures, your firm will not be protected if something is not functioning properly. Not only can 24/7 Infrastructure Monitoring ensure your security defenses are operating as they should be, but it can also ensure that standard technology services are operating as well, such as internet connectivity. Should there be a stoppage of any services, Infrastructure Management will proactively restore these services. 

  • Patch Management

Patching is as old as computing itself. Release software, find bugs, issue a patch, rinse and repeat. With the vast number of applications in use, the velocity of emerging threats, and the speed at which they spread, timely patching has become even more mission-critical. Your firm must be able to deploy patches quickly, in real time, at scale, and wherever your users are located, to protect against the next zero-day exploit. 

Once all of these boxes are checked, you can consider the next pillar. 

Detect 

Since malicious threats are continuously evolving, your firm’s security detection must always be managed and monitored. When anomalous activity is detected, you will have the opportunity to take proactive steps to protect your data. The incident must be assessed so that you understand the potential impact of the attempted breach. 

The need for continuous monitoring further strengthens the argument for managed services. Managed service providers offer around-the-clock overwatch and can address issues within your network as they arise. This increases the chances of detecting a breach or potential breach early.  

Specifically, your Managed Services Provider can deliver and manage a SOAR solution. 

Security Orchestration, Automation, and Response (SOAR) is a cybersecurity term used to describe the combination of three distinct services and tools – threat and vulnerability management, security incident response, and security operations automation. Specific to the pillar of Detection, SOAR provides your CPA firm with automated endpoint and network detection and response (XDR).  

XDR takes all data from your local environment, email, endpoints, servers, networks, and cloud workloads, ingesting and acting on all relevant data in real time from a security-first perspective. Because the process is completely automated and backed by artificial intelligence, threats to your firm can be detected much faster. The automated review also filters out the noise of non-critical alerts, which make up as much as 99% of all alerts, so that security professionals can spend more time focusing on investigation and response. 

An exploit targeting Microsoft Exchange in March 2021, HAFNIUM, infected 30,000 organizations in 24 hours.

Respond 

The fourth pillar of an effective cybersecurity plan is “response.” You must have incident response planning in place for when your system detects a cybersecurity incident; the plan outlines the activities and roles of individuals inside and outside of your organization. 

Every response plan should have controls to ensure that it is executed during and after the security incident.  

In addition to response planning, managing communication is a must. You should coordinate with stakeholders and law enforcement agencies if necessary. Prompt communication can provide you with additional resources to address the incident more effectively. 

With SOAR, your firm can benefit from an automated response, speeding up response time and the quality of the response.  

After the incident is under control, you should analyze your firm’s response to make continuous improvements. Analysis should include determining whether the response was timely and sufficient, what the impact was, and where improvements can be made. Response planning can also come into play with a major outage, such as a catastrophic network failure. 

Recover 

Lastly, your CPA firm will need to have a recovery plan in place that will help restore capabilities and services impacted by a cybersecurity event. Bear in mind that there is NO way to ensure that your firm is 100% protected from cyberattacks. That is just not possible. While a recovery plan will not prevent your firm from being attacked, it will reduce the cost of an attack. 

Components of your firm’s recovery plan should include regular offsite data backups that are periodically tested to ensure that you have the latest data available. In addition to backups of corporate data, your recovery plan must also cover third-party vendor services, such as the voice system and cloud applications that are critical to conducting business. Similar to a response plan, a recovery plan should have processes built in to 

Why It is Important to Address It Now 

While many things in life can wait, your CPA firm’s cybersecurity is not one of them. Data breaches can cost you millions of dollars in assets and resources. The trend of new legislation, such as the SHIELD Act, can place additional strains on your firm if your system is hacked. In worst-case scenarios, a massive data breach can even shut down your firm. 

Throughout your average business day, your employees likely exchange thousands of emails. If your system is not protected, each of those emails is an opportunity for a hacker to infiltrate your network and access your valuable data. 

According to Cybint, approximately 95% of cybersecurity breaches are caused by human error. To make matters worse, 88% of organizations worldwide faced spear-phishing attempts in 2019, based on information collected by Proofpoint. Everyone — including hackers — understands that people present the most viable option for gaining access to valuable information. 

If you are not training your employees on the dangers of cyber threats, you should be. The benefits of creating or revamping your cybersecurity practices far outweigh the investment. Doing so is much more affordable than you might imagine, thanks to CHIPS Technology Group. 

Who is CHIPS Technology Group? 

CHIPS Technology Group creates Fortified Modern Workspaces by providing a full stack of IT services to organizations in the New York Metro Area. Our process-driven, security-first approach to delivering technology services continues to evolve to meet the increasing needs of our clients. 

CHIPS Technology Group was founded in 1993 by Evan Leonard and David Tan. Since our inception, we have made it our mission to use technology and our expertise to help our clients with all of their IT strategy, security, compliance, service, and support needs. 

We do not simply provide you with a generic set of guidelines and cybersecurity services. Our experienced team has the industry certifications necessary to provide you with unique cybersecurity solutions, including customized policies and management. We offer a full array of IT, cybersecurity, and compliance services that are scalable based on client needs. That means that you will receive the services that you need at a price that fits your budget. 

If you are ready to embrace technology and want to elevate the way you do business, then it is time to partner with CHIPS Technology Group.  
