Cyber risk management is becoming a bigger concern and with this growing worry, you might want to bolster your knowledge on the subject. While cyber security may not be something you are required to have on your resume it is something that will set you apart. At least this is what the AICPA Assurance Services Executive Committee (ASEC) is showing to be true.
The ASEC just released a proposed framework for companies to use. The content is a set of standards used to design and describe cybersecurity risk management programs. This includes new engagements CPAs will have to use to serve their company by evaluating the cybersecurity programs in place. This "cybersecurity examination" would help to ensure your company is evolving to stay a step ahead of the hackers who are trying to crack into your information.
The hackers to be worried about are usually nowhere near your actual place of business geographically or on the web. Instead, they are finding their way in through the people who are already in the network. Database breaches are occurring not by hackers breaking in but by employees inadvertently letting them in. This can happen when one employee logs onto an open wifi network that looks innocent enough "Cafe Free Wifi" or "O'hare Airport Free Wifi" may actually be a dummy network the hacker sent up. As soon as you are connected, an experienced hacker can see what you are doing on your phone and even perform a "Trojan Horse" style hide and wait attack where they wait until the user joins another network (such as in office wifi) and then jumps networks and they are in.
This is just one scenario that could be addressed by cybersecurity risk management programs. While all companies should be addressing this it is of the utmost importance for public accounting firms to implement risk management programs. Furthermore, accountants should be included in the forefront of these programs being implemented in any business. Specifically, the audit profession is making efforts alongside to the AICPA to develop a uniform platform for CPAs to respond in across the board.
This is still all in the works and the goal is to continue to grow and adapt, so the AICPA will be looking for more and more input from CPAs. The goal is merely to move away from a disjointed and chaotic approach to cybersecurity that changes from one party to another. ASEC is creating a guide to help companies manage risk in all of their networks, creating tool kits for members, and will be covering cybersecurity in upcoming AICPA conference programs. This will also lead to guidance to help address tax return fraud, and Forensic and Valuation Services to continue developing cybersecurity resources.
You can head on over to check out the AICPAs Cybersecurity Resource Center here http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/cyber-security-resource-center.aspx