By Isaac Cohen.

As tax professionals prepare for a busy tax season complicated by an ongoing pandemic, new tax credits and changing workplace arrangements, they must also take steps to defend against an array of new cyber threats.

Threat actors are increasingly targeting accounting and tax firms. According to analysis, reported data breaches at CPA firms have increased by 80% since 2014, as threat actors seek to steal client data, extract financial payments or wreak havoc. The costs and consequences have also skyrocketed. Data breaches can cost millions in recovery and reputational damage.

That’s why tax professionals need to consider evolving cybersecurity risks before a frenzied tax season captures their time and attention. Here are three cybersecurity trends that CPAs and accounting firms need to tackle this tax season.

#1 Phishing scams put data disaster just a click away

Phishing scams, malicious messages sent via email, SMS or other digital platforms, put a data disaster just a click away. These attacks, which exploit people’s ignorance, uncertainty and familiarity, can provide threat actors with direct access to corporate networks and customer data.

We think that three billion phishing emails are sent every day, while phishing messages sent via SMS, often referred to as “Smishing” attacks, increased by 700% in just six months. According to Cisco’s Latest Three Trends Report86% of organizations say they have at least one employee who clicked on a phishing message.

Fortunately, the training works. CPAs and accounting firms should invest in comprehensive phishing scam awareness training, ensuring their teams are ready to identify and defend against phishing scams this tax season.

#2 Accidental and Malicious Insiders Put Data at Risk

As organizations frequently direct their cybersecurity budgets to target external threats, company insiders endanger data and network integrity without recourse. Insider threats, including employees who accidentally misuse sensitive information and those who maliciously compromise critical data, pose a significant threat to data privacy and cybersecurity.

For example, 85% of data breaches involve a human element, and human error plays a significant role in a company’s cybersecurity capability.

To combat insider threats, CPAs and accounting firms can teach and apply cybersecurity best practices, including data management standards, distinctions between personal and work devices, and fundamentals of digital hygiene.

Of course, some insiders will deliberately compromise company or customer data. Often motivated by money, these malicious insiders use their privileged access to the network to steal and distribute sensitive information for profit.

Employee monitoring and data loss prevention software can help detect and deter these malicious actors, enabling accounting firms to prevent malicious actors and protect corporate data from threats lurking within. organisation.

#3 Ransomware is a nuisance threat

2021 set a record for ransomware attacks, affecting healthcare facilities, small businesses, and government agencies with frightening speed. These attacks, which rely on compromised login credentials, software vulnerabilities or malicious insiders to gain access to corporate networks and encrypt critical files, can have enormous financial repercussions.

The average ransomware payment has increased from $7,000 in 2018 to over $200,000 by 2020, an unfathomable increase that should keep every organization alert and ready to respond. Meanwhile, new developments, such as ransomware operations as a service only increased the concern.

Seeking to maximize the liability of their victims, ransomware groups frequently target organizations during peak productivity cycles. For CPAs and accounting firms, this means being prepared for malicious actors to attack their operations during tax season.

Even simple cybersecurity protocols, like regularly updating passwords and requiring two-factor authentication, can thwart threat actors. This tax season, getting the basics right can make all the difference.

Account for cybersecurity in 2022

This is bound to be a particularly difficult tax season, even without the unique obstacles posed by a changing cybersecurity landscape. While the threat is significant, CPAs and accountants can act not to beef up their people, processes, and procedures to ensure cybersecurity doesn’t become a barrier to an amazing client experience this tax season.


Isaac Kohen is Vice President of R&D at Teramind, a leading global provider of employee monitoring, data loss prevention (“DLP”) and workplace productivity solutions. Isaac is a published thought leader and recently authored the e-book “Measuring employee productivity in today’s workforce”. Follow on Twitter: @teramindco and LinkedIn.

About The Author

Related Posts