It was Friday, March 14, and it had been an extremely bad week for Mr. Hapless of Hapless CPA. Mr. Unforgiving, the largest client at the firm, was sitting in the lobby waiting to meet with him. Mr. Hapless knew why. The whole week had been about disclosures — the disclosure of personal data from Mr. Hapless’ computers and the theft of personal client information. The FBI and State Police had been in the offices most of the week investigating.
“Fortunately, they are gone,” thought Mr. Hapless as he walked down the hall to the front lobby. The news media had moved on to another story in town. He was thankful for the focus shifting from him to someone else. The news media had been camped out in the parking lot waiting to pounce on any customers or employees coming into or leaving the office for comments about the disclosure of data, so Mr. Hapless had given most of the employees the week off. Not that the media could understand the issues facing the firm this time of year. All they wanted to know was how it happened and why the firm had been so careless with client data. No important work had been done this week; most corporate returns had to be extended even though some could have been completed if this issue hadn’t happened. This, by far, had been the worst tax season, and there was still a month left.
Mr. Hapless escorted Mr. Unforgiving into the conference room and asked him how things were going, but he knew full well the answer would not be good. Mr. Unforgiving hardly ever came into the office as he preferred to have his underlings take care of his dealings with Mr. Hapless.
Mr. Unforgiving began: “Happy (Mr. Hapless’s nickname), we have known each other for a long time, and it is a terrible thing happening to your firm right now. I really feel badly for you. You probably don’t know this, but the data thieves that broke into your computer system have not only obtained credit cards in my name, but they have also used the direct deposit information to liberate my bank account of $500,000. I am not happy about this situation, and as of now you are terminated as my accountant. I am taking my business to Able, Able and Kuntz. Fred Able will be contacting you on Monday to get the status on my business and personal tax matters.”
Mr. Hapless tried very hard to stay positive and keep a smile on his face. Mr. Unforgiving was his largest billing client and represented considerable revenue for his small firm. “Bob,” Mr. Hapless said, “is there anything I can do to change your mind?
I know this is bad, but I really thought I was protected; my outside IT person said the firewall I had was sufficient. I didn’t know that it wasn’t. Would you reconsider? We have known each other for a long time and that has to be worth something.”
“No,” said Mr. Unforgiving, “you have cost me considerable time and money already; and from what I have learned about identity theft, it’s going to take me several months to clean all this mess up. You should have been thinking more about your security instead of relying on your outside IT guy. See you around town.” With that, Mr. Unforgiving got up and walked out of the office.
Is the experience of Mr. Hapless typical in our profession? Fortunately, not yet! As accountants, we need to work diligently to keep it that way. While this story is fictitious, it does give us something to think about. How good our protection is at the Internet perimeter and how much vulnerability we have to an outsider’s intent on stealing computer information is a matter all public accountants have to address. The answer resides in how well we protect our networks from both inside and outside threats.