This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.


5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals Logo aicpa

  Susan Pierce, CPA, CITP, CGMA |   Free |   AICPA |   04 Oct 2016 |

Cybersecurity is costly, and budgets are always limited This blog post discusses five simple steps CPAs can take to help protect data without breaking the bank.

Topics covered:
  • Management accounting: Technical: Risk management & internal control: Risk identification & assessment, Advanced
  • IT management & assurance: Technical: Information security & privacy, Intermediate
  • Management accounting: Technical: Risk management & internal control: Cybersecurity, Intermediate
  • Management accounting: Technical: Risk management & internal control: Cybersecurity, Advanced

1 Comments/Reflections

Bernhard Heyns

Bernhard Heyns Dec 2016

During the first 5 years of my career I worked for companies with low risk of cyber attacks as the companies were small, after moving to a fortune 500 listed company I became more exposed to cyber security and the ways to control the risk.

The company's IT department sent us random scam emails which we had to identify and report to them, this helped us keep track of the potential scams out there and also probably identified the problem employees in the company which fell for these emails.

The company also had a two way authentication process for logging on to the network remotely which meant that any computer logging on from another server was properly tested.

The biggest issue remained attachments sent via email, especially any JAVA and PDF attachments as they were the most received and used files.

Another usefull way to limit the risk of any cyber attack was the setup of each computer, no employee besides IT could install any application on the computer as it required ADMIN passwords to be able to continue with any installation.

The company also provided online training with regards to email security and scams. Each employee was also required to change their passwords every 3 months to comply with SOX requirements.

Very good learning experience.