Consider the following questions. If your answer to any of them is "no," your firm may be vulnerable to hackers.
- Does your firm backup all important data and information frequently? Regular backups reduce the likelihood that critical data is lost in the event of a cyber-attack or physical incident such as a fire or flood. The primary defense against ransomware attacks is to institute frequent backups of the files you do not want to lose, and to protect the backups in a remote or external location where they are safe from ransomware that seeks out backup copies.
- Are your employees required to complete regular cyber-security awareness training? Firms might not invest in the cyber-security awareness training necessary to educate their employees on ever-present dangers, such as clicking on links or attachments found in emails, downloading malware through insecure websites or social media, or responding to requests for information from socially-engineered emails designed to scare people and exploit their desire for a good deal.
- Have you implemented the "least privilege" concept of user permissions? Strictly defined user permissions and restrictions help ensure that people have only the level of user rights that they need to do their jobs.
- Do site administrators log out of systems and programs immediately after they have completed their tasks? Excessive rights and activities enable malware to cause more harm and result in greater data losses.
- Have you had a cyber-security expert test and evaluate your firm’s systems? Experts familiar with the firm’s systems can work with insurance and breach response service providers to reduce damages from breaches, minimize the costs of addressing the problems, and enable the firm to recover sooner.
Take the necessary risk management steps to prepare and safeguard your firm before you become a cyber-attack statistic.
CAMICO Cyber Claims ScenariosThe following two scenarios are recent examples of cyber claims that have impacted CPA firms. One involved ransomware, which has seen a significant increase in frequency. The other involved fraudulent tax returns – another area causing many problems for firms. These scenarios illustrate the value of the services available to respond to covered cyber incidents:
Scenario: Ransomware downloaded, files encrypted, client notifications requiredAn employee of the firm unknowingly opened a malicious attachment to an email that immediately downloaded ransomware onto the firm’s computer system. The firm noticed immediately that the file names were being changed to “Decrypt my File.” The virus spread quickly to all the firm’s servers, and all the files became encrypted. The firm contacted their IT department, deleted the encrypted files, and restored files from a backup. However, since the IT department had deleted the encrypted files, IT forensics was unable to determine whether the hacker had gained access to the personal information contained in the files. Legal counsel was engaged to determine whether the firm had any notice obligations. Since the firm could not determine whether information was accessed, counsel advised that federal regulation required the firm notify all clients. Notification letters were subsequently mailed to all the firm’s clients. Additionally, a PR firm was retained to assist with a required media notice. The firm’s cyber coverage paid for IT forensic costs, client notifications, credit monitoring, PR expenses, and legal fees.
Scenario: Tax return fraud, client information breached, notifications requiredThe firm was notified by their online tax service provider of an issue with some of their e-filed returns. In researching the issue, the firm noticed the bank account numbers were changed on the returns, and the firm’s EFIN was used to electronically file fraudulent tax returns. Information of 45 firm clients was used to file fraudulent returns. IT forensics was hired to restore their systems and determine the scope of the breach. Forensic work determined that the firm’s system received a virus that was unknowingly downloaded onto one of the firm’s computers and resulted in approximately 2,000 clients’ information being accessed. Legal counsel was hired to assist the firm in completing notifications to the affected clients, who were provided with credit monitoring, and the firm hired a PR firm to assist with a media release. The firm’s cyber coverage paid for IT costs, client notifications, credit monitoring, PR expenses, and legal fees.
As the preceding scenarios illustrate, robust breach response services and procedures, and an effective risk management program, are more important than ever to assist firms in recovering from an incident. Remember, it is not "if" you will be attacked, but "when."