AICPA Tips to Keep Critical Client Information Safe

Consumers have little faith in businesses to protect their personal and financial information. The recent news of the T-Mobile data breach – which included the names, social security numbers and driver’s license information of millions of Americans – is likely to further erode that trust. And that’s a problem CPAs are well suited to help their clients and companies address.

Nearly nine out of 10 Americans (89%) are concerned about the ability of businesses to safeguard financial and personal information, such as credit card or social security numbers, according to a survey conducted earlier this year by The Harris Poll on behalf of the Association of International Certified Professional Accountants (Association), representing AICPA & CIMA. Further, half (49 percent) saying they were very or extremely concerned.

“Cybersecurity has been an increasingly important consideration for the finance function over the past decade and it is now critical that every CFO is directly involved in the effective management of this significant risk,” said Ash Noah, CPA, FCMA, CGMA, and Association vice president of CGMA External Relations. “These breaches erode customer trust, have a devastating impact on reputation and a tangible impact on the bottom line. Understanding cyber risks and ensuring that organizations are devoting enough resources to mitigating them needs to be a top priority for all finance teams.”

Data breaches are incredibly costly to companies and individuals. A study by IBM found that data breaches cost companies an average of $3.8 million, with about 40 percent of that cost coming from lost business.

And breaches increase the risk of identity theft for consumers; 19 percent of Americans report being the victim of ID theft, according to the Association’s recent poll.

Despite their lack of faith in companies’ ability to safeguard information, 25 percent of Americans still store their credit card or debit card information in online accounts, the Association survey found. This underscores the potential for information breaches to have a negative financial impact for millions of individuals each time there is a large-scale breach.

“Data breaches are becoming alarmingly routine, costing companies and individuals each time,” said Rich Vera, CPA, CITP, and member of the AICPA’s CITP credentialing committee. “And while hackers are continually finding new ways to access secured information, there are many things companies and individuals can do to better safeguard their information and minimize any potential damage a data breach can cause.”

CPAs can play a role helping their companies and clients can take to minimize or limit their risk. CPAs have a unique view into all functions and operations of an organization and know where and how the information hackers most covet is stored. That broad perspective, coupled with their professional skepticism, allows CPAs to help organizations better identify cybersecurity risks.

Moreover, CPAs with the AICPA’s Cybersecurity Certificate can help their clients establish clear cybersecurity training programs and policies, such as regularly updating passwords and software, to assure best practices are followed.

The AICPA & CIMA’s Cybersecurity Risk Management Reporting Framework, also known as System and Organization Controls (SOC) for Cybersecurity, provides an independent, entity-wide assessment of your organization’s cybersecurity risk management program. Organizations can leverage it to evaluate the effectiveness of existing cybersecurity processes and controls and generate reporting on cybersecurity risks and management concerns. These reports provide transparency on cybersecurity risk management programs and help inform how to best manage risks.

Business owners in need of introductory guidance on cybersecurity should consult the AICPA’s Cybersecurity Resource Center for free tools and guides for addressing their cybersecurity needs and identifying the skills they want from a CPA cybersecurity expert.