According to an FBI report, cybercrime cases have quadrupled over the last year. With many people working from home, company data security has taken a hit since corporate firewalls cannot protect what goes on at home.
CPA firms, accountants, and professional service firms are prime targets of cyber-attacks. The significant amount of personal information collected and stored is a gold mine for cybercriminals. Many smaller firms lack robust security yet still hold valuable data.
How have state governments responded? Many have created ever-changing data security statutes, which have resulted in compliance headaches for accounting and professional service businesses. Each state has its own specific data breach notification laws, which can change at any moment.
Common cyber crimes
While there are many ways cybercriminals can breach security systems, there are a few favorites. It’s essential to shore up any weak links in your data security strategy so that you do not give cyberattackers an easy way in. According to the FBI, the most common risks and crimes online include:
- Business email compromise — Scams that exploit the reality that so many of us rely on email to conduct business, both personal and professional.
- Identity theft — Someone steals personal information, like a Social Security number, and proceeds to use it to commit theft or fraud.
- Ransomware — Malicious software, or malware, that prevents companies from accessing computer files, systems, or networks. It demands a ransom payment to unlock the files or the system.
- Phishing and spoofing — Schemes aimed at tricking users into providing sensitive information, often occurring through email.
Minimize the cybercrime risks
It’s nearly impossible to eliminate all cyberattack threats, but you can still do a lot to minimize the risks.
Train employees — The more aware your employees are of threats and how to identify them, the better. Staff should be trained on identifying the most common tactics used by cybercriminals and on best practices for email and passwords.
Upgrade cybersecurity — Software plays a vital role in keeping cybercriminals at bay. Security systems should be robust. The stronger, the better. Using tools such as multi-factor authentication, anti-virus software, strong passwords, and device lockdowns can significantly decrease your risks.
Data privacy laws are changing
All U.S. states have laws mandating data breach notification. In 2018 and 2019, multiple states rolled out new data privacy laws, closely mirroring Europe’s General Data Protection Regulation (GDPR). The GDPR is challenging for companies to implement because many cannot meet the strict requirements by its effective date.
In the U.S., the California Consumer Protection Act (CCPA) took effect at the beginning of the year. It is already being cited in data breach lawsuits (Barnes v. Hanna Andersson, LLC, N.D. 20-cv-00812).
What does the CCPA do?
- It requires businesses to inform consumers about collected information and the purpose for which it's collected.
- It gives consumers the right to know how their data is being used.
- It formalizes data protection and disposal techniques and tools.
- It requires that consumers be notified within 30 days of breach detection.
- It provides civil financial penalties of up to $7,500 per instance of non-compliance.
- Individuals have the right to bring a private right of action against a company when personal information is breached. They do not have to prove they incurred a financial loss from the data loss. They only need to show the company violated the law.
Additionally, New York has the SHIELD Act, Nevada has Senate Bill 220, and other states follow their own legislation.
Don't risk a cyberattack
Even when a company follows best practices, the risk of a security breach still exists, and that risk grows if the company falls out of compliance with new regulations.
If a breach occurs or a compliance lawsuit has been filed, businesses need legal and cyber experts to navigate the situation.
When it comes to effective professional policies, clients need robust risk management resources and speedy, effective claim responses. Our team specializes in providing Professional Liability Insurance / Errors & Omissions (E&O) on a national basis and creating.