Posts

cyber hacker breaches the security of thousands of Canadian CPA firms

CPA Canada Breach Exposes Over 300,000 People

Data Breach in CPA Canada

A breach of CPA Canada exposed the personal data of over 300,000 Canadian accountants and stakeholders.

According to existing reports, the information pertained to the distribution of CPA Magazine. CPA Canada said credit card numbers and passwords were encrypted and not among the exposed data. The cyber criminals accessed CPA Canada members’ contact information on the organization’s website.

Approximately 329,000 individuals were notified of the breach and warned of possible attacks in the future.

It warned members to stay vigilant of possible phishing emails, texts or phone calls that may come as a result of the attack.

Taking Secure Steps

Members of CPA Canada will have to check their emails frequently and be careful not to open any attachments from unsolicited messages.

CPA Canada took steps to secure its systems to secure their site, however the breach could have happened months earlier. As is the case with many breaches, it’s difficult to pinpoint when exactly a breach happens.

The association ties the incident to an alert issued in April about a phishing campaign that requested users to change their CPA Canada password due to a website breach. This is a common way cyber attackers gain access to information.

A similar breach occurred after the launch of Disney Plus. Experts say that hackers sent fraudulent emails asking users to “verify” their passwords so they could be saved and sold on the dark web.

They explain that the emails originated from the IT department where the victim was employed. The emails indicates that the IT department suspected a security issue with the domain cpacanada.ca.

This is Nothing New For CPA’s

Unfortunately, this type of event is too common for accounting firms. In April 2020, the IRS issued warnings to taxpayers and firms to be aware of phishing scams involving the stimulus checks from the CARES Act.

Cyber security experts advise accountants to take even greater care of their data especially when working remotely.

Forcing digitalization has left many firms more vulnerable to attacks than ever. The usual types of phishing attacks are all present only now they’re more frequent. Hackers know that firms that had issues shifting to a remote environment left many digital vulnerabilities exposed.

The IRS itself had struggled with enabling employees to work remotely. Changes to internal systems and readjustments made for enabling remote access leaves gaps for attackers firms might not otherwise have.

Some Firms are More Vulnerable Than Others

CPA Canada reports that all activities are normal for now, but things could have turned out much worse. Accounting firms that neglect their cybersecurity can quickly become the victims of hackers. The moment attackers gain access, they encrypt and freeze data until your firm pays their fee.

Larger firms are safer because they perform frequent audits and have security consultants ready in hand. However, smaller firms might not have the resources and cyber security skills necessary to protect themselves.

These firms still deal with sensitive financial information so they become preferred targets by hackers. It’s much easier for a hacker to attack several small firms than one larger one.

Conversely, firms experience attacks caused by spiteful or careless employees. Performing regular backups is better than doing nothing but there is no guarantee the hacker won’t just keep your data hostage. Paying the ransom doesn’t guarantee an end to the attack either.

How Do you Prepare Against Phishing Attacks?

The best way to prepare for an attack is to do incremental backups and consistently testing those backups. Backups are useless if you can’t restore your systems should something happen.

Working Remotely Adds New Risks

Now that CPA firms are working remotely, they might not have the same resources or security measures they would have in an office setting. Firm employees typically access applications through their secured office desktops. Accessing these same applications on a personal device could mean they are easier to breach even with a VPN.

IF a CPA failed to assess the security measures needed to function remotely it can leave the doors open to a cyber attack that breaches systems quickly.

Compliance is Key

A way smaller firms can avoid scenarios like the one mentioned above is by applying best practices when it comes to IT security. Even if you are a smaller firm with limited IT personnel, there are Managed IT services providers that can supply you with the needed boost in security.

How? By doing what the larger firms are doing, applying best practices to all of your systems. A CPA has to follow strict compliance regulations in order to operate. SOX and FINRA regulations, for example, require regular audits that demonstrate sensitive financial data is kept safe.

The added benefit achieving compliance is that it requires a secure IT infrastructure. By auditing and verifying compliance firm are also checking for cyber vulnerabilities.

Cyber criminals have learned that companies are increasingly more difficult to infiltrate by directly breaking through their security systems. That is why they rely on phishing attacks to go around this problem.

Phishing Attacks Still Happen Because They Still Work

In the case of CPA Canada a phishing scam exposed valuable information. Phishing scams are still the most popular form of cyber attack today. That is because it doesn’t target a network, it targets the user.

Phishing is all about manipulating the target into performing an action. It can be downloading an infected attachment or clicking on a malicious link.

With phishing scams, hackers don’t have to worry about the strength of a firm’s network because no matter how strong the network, it’s only as strong as its most gullible employee.

It can be even worse when added to a remote environment. Having a dedicated team of IT experts available 24/7 improves an employee’s chances of avoiding a phishing attack altogether.

Nerds Support has comprehensive IT solutions that allow our technicians to flag and monitor potential email scams. However, the safest action to take if you have a limited IT team is to send suspicious emails over to your IT department rather than opening them yourself.

CPA Canada has contacted the Canadian Anti-Fraud Center and private authorities to conduct a proper investigation. Only time will tell the ramifications of this breach and how vulnerable those affected really are.

How Accounting CPA's will continue post the pandemic

Accounting In A Post Pandemic Era

The coronavirus has impacted nearly everyone in the country. Now, accountants might find themselves wondering how to create a secure work environment for themselves and their clients.

The needs of your clients are changing and so is the industry. Furthermore, new regulations created as a consequence of the coronavirus are affecting business practices.

With that in mind, here are a few changes the CPA’s will experience in the coming years.

Employees

All businesses including CPA firms are looking to get employees back to work.  These are some guidelines that might help your firm organize itself as the country begins to open up again.

  1.  EEOC sub regulatory guidance is a mouthful, but it is also important when considering how to navigate your firm’s re-opening process. According to EEOC guidance, employers are permitted to test for the presence of the COVID-19 virus before allowing employees to enter the place of work.
  2.  Employers must ensure the right infection controls regarding testing and be cautious of false positives and false negatives. Keep in mind that even the most accurate test only detects the virus if it’s currently present in the body. It does not guarantee the employee will not get the virus later.
  3.  Temperature checks are permissible under EEOC guidelines. However, who should administer the checks and how to administer them are not clear.
  4.  Employees testing positive for COVID-19 should be isolated from others and the workplace. Employers are encouraged to follow CDC and OSHA guidelines, which include closing off areas used by the sick employee, cleaning and disinfecting the environment, and informing other employees of any possible exposure to the virus in the office.
  5. Results from a COVID-19 test or temperature check fall under ADA confidentiality provisions. These tests are considered confidential information that should be kept in a secure location away from other employee information.

 

Industry

We covered employees, but what about changes in the industry itself? The COVID-19 crisis has accelerated certain trends and shifted others. Let’s review what some of those are.

A Shift in Duties For CPA’s

Small-business clients need help accessing relief programs in the CARES Act and the Paycheck Protection Program specifically. This means firms need to quickly transition from consulting to advisors as they help businesses get through the lockdown.  Financing reviews, a lot of cash flow forecasting and evaluating relief packages will be more important through tax season and the next few months.

Working Remotely

Experts agree that remote work for CPA’s is going to become the new normal. With companies like Twitter, Facebook and more making remote work permanent.

Although remote work was projected by  to increase gradually, the lockdown sped up the process. Firms were forced to quickly adopt remote enabling technologies like Video conferencing apps and the cloud.

Cloud Accounting

Speaking of the cloud, the move to remote operations has been difficult for firms who complain that apps like Zoom are not working well with their Citrix environment. That’s mainly because these firms have only partially moved over to the cloud.

Cloud accounting is an inevitability now that we know a pandemic can force us to work beyond the office at any moment.

A firm that was not prepared likely did not have the time to migrate to the cloud all of their applications and infrastructure over. So as things begin to pick up speed they’ll do so.

Moving to the cloud is not as easy as choosing to do so. There are steps to cloud migration. Moreover, the quality of the cloud service depends on the quality of the provider. Firms must familiarize themselves with the different types of cloud services: public, private and hybrid clouds.

By choosing a large public cloud like Amazon Web Services, you could be sacrificing personalized care. Choose a cloud that lacks the proper regulatory standards and it might hurt your firm more than it helps.

The chief concern for all CPA’s should be to assist clients, help save businesses and keep jobs.  CPA’s are the financial experts both individuals and main street businesses need right now. Having the right tools in place is going to be essential.

Accountants may have the technology to work remotely but not all of them have everything they require to work efficiently. Although being in the office doesn’t compare with being at home, adjusting is a matter of making the right choices.

Clients

Additionally, accountants can’t meet face-to-face with clients so they’ll resort to remote advising as a way to adjust. However, just like remote work, remote advising is going to outlast the lockdown it seems.

Accountants and clients will adjust to working from the comfort of their homes without having to bare long commutes or wait in an office.

Remote advising will redefine what it means to be an accountant like tax application services are doing now. Firms will realize that remote advising is not just a way of working through a pandemic but perhaps a more efficient way of doing business for both them and their clients.

Firms

Although the long-term consequences of the lockdown are still unknown, accountants need to see themselves as advisors businesses need to survive. Firms of all sizes are going to called on by their clients to help them though the economic downturns created by the lockdown.

CPA’s, unlike other professions, are facing an opportunity for growth. Accounting firms should position themselves as the first responders during a financial crisis. Employers, businesses and average citizens are looking for help. They want to apply for loan programs, government assistance, and financial relief programs. All of these examples require knowledgeable of tax, accounting and payroll.

Businessman fitting accounting workload into briefcase

CPA’s: Top Five Tips To Beat Workload Compression

The Problem of Workload Compression

If you’re an accounting firm, workload compression is probably a big issue. In fact, a study by the tech company Right Networks along with the CPA firm Management Association, surveyed 162 CPA’s after tax season and found that workload compression was the biggest concern for 40 percent of CPA firms as they prepared for tax season.

The reality is, workload compression will always exist to some degree. Therefore, the best thing to do is to figure out ways to manage it effectively.

1) Identify How Workload Compression Affects Your Firm

Every firm is different. So, it stands to reason that workload compression impacts firms differently.

What are the causes of workload compression in your firm?

Is it confusion about new tax laws?

Difficulty with certain returns?

Clients avoiding extensions and demanding their return?

2) Execute a Plan

Once you’ve figured out the “why’s” and the “how’s” you have to focus on the “what.” In other words, now that you know the specifics of your workload problems, what are you going to do about them?

That plan differs considerably if you’re a larger firm as opposed to a smaller firm and vice versa. For example, dropping a few clients mitigate the workload compression but if you’re a smaller practice you probably depend on tax season to generate revenue.

• Hire Temporary accountants or paid interns

Staffing is an important factor in dealing with compression. Hiring temporary or seasonal employees can be a good option for your firm. There are many accountants that choose to work within specific time frames because it fits their lifestyle. Experiencing practitioners don’t always work all year round. Look within this pool to boost your workforce.

Likewise, interns are also viable options during busy periods. Practical work experience gives recent graduates or current students the necessary training to work as CPA’s. Moreover, internships can turn into full time positions if they perform well, benefiting them and your firm.

3) Use Technology To Your Advantage

Many firms in the study mentioned above report that the biggest changes they made before tax season were software improvements. Specifically, firms used e-filing and digital signing technology to go paperless.

Additionally, 72 percent of firms asked about the benefits of hosting tax applications on the cloud said they favored anywhere, anytime access. 67 percent consider the cloud secure and 34 percent noted improved collaboration with personnel and 20 percent saw improved collaboration with clients.

Cloud accounting and workflow software like QuickBooks, which is designed for accountants, reduce staff time, make communication with clients and staff more effective and can optimize staff performance. Learn more about hosting QuickBooks here.

QuickBooks Cloud Integration lets you manage, track and assign projects on any device, in any location, to optimize your efforts with cloud-based accounting.

Managed IT support services offering cloud integration allows for the that collaboration and workflow efficiency.

4) Schedule Smarter

Don’t work on returns until all the necessary information has been provided by the client. Also, working on complicated tax matters before tax season starts can give you a leg up on other firms and position you to work more efficiently.

This tactic requires communication with your clients before the year ends and instead of waiting for their information to come in.

If you’re a firm with a fair amount of non-tax season work, that’s okay. Schedule days in which you can focus on tax returns only. Then, organize your firms so reviewers can work those client returns.

5) Communicate With clients

Communication is an underrated tool for many CPA firms, however it can facilitate tax processes like you wouldn’t believe.

In an age of social media and instant messaging, clients expect a level of personalized service. That shouldn’t be looked at as negative but rather, as mutually beneficial.

Communicating changes to clients through newsletters, emails, calls, social media, and tax updates will prepare your firm in anticipation of tax season where most firms simply react to it.
This gives your clients the personal touch they appreciate while giving you the information you need ahead of time.

The Takeaway

Your firm shouldn’t wait until tax season to prepare. A proactive approach to workload compression can come a long way when peak season hits and your firm is pressed for time.

Workload compression is the dreadful for everyone and hopefully, the tips reviewed here can alleviate it for your firm. Always plan ahead before tax season and tax season might not get the better of you.
For more tips, check out the Nerd Support blog where we discuss technology, strategies and more CPA’s can use to improve their firm.

Tax Season Accounting Workload Compression Leaderboard

Tax Season Cyber Security Tech Tips Thumbnail

How CPA’s Can Stay Safe During Tax Season

With Tax Season Comes Cyber Theft

Tax season can be a nerve-wracking, even confusing time as people rush to gather paperwork and file all their documents on time.

It’s a busy time for CPA’s as well. With constantly changing tax forms and regulations, they have to educate their clients on how to file correctly and efficiently.

With that said, it’s important both tax payers and accountants remain vigilant of tax-related cyber-attacks.

Prepare For Ransomware

Ransomware attacks are increasing and sensitive tax information is valuable to a hacker. In many cases, cyber criminals freeze files and data until accounting firms pay a ransom.

However, just because the ransom is payed it doesn’t guarantee they won’t use the stolen data afterward. The most recent tactic employed by hackers is to extort a CPA by threatening to release the data online or sell it to interested parties.

This is done now because companies are backing up their data more frequently and can simply undo the freeze by recovering data from a point before it was infected with malware. In this case, the target can avoid the ransom payment altogether.

In response to properly secured data backed up on the cloud, cyber criminals are instead choosing to use the extracted data itself as leverage.

Some of you might be asking, “If hackers can extort my company by threatening to release client data instead of freezing it, what’s stopping them from doing it indefinitely?”

The answer is: there isn’t. In theory, once your data has been obtained the thieves can use it in any way they deem profitable. There are even instances hackers receiving the payment and continuing to use the data to file false returns.

Once they have the data, hackers rush to file taxes electronically before the victim can. If the victim is too late, when they attempt to file taxes, the IRS will reject their submission. This is because the IRS refuses tax returns when there are filings with duplicate Social Security numbers. Sometimes, scammers will pose as the IRS through phone calls and emails. Here are some facts to consider if you’re ever in this situation:

Tax Season IRS Phishing Hints Stats

Cyber Scams Come in Many Forms

A vast amount of phishing campaigns are conducted by hackers during tax season. Emails, phone calls, SMS and text messaging are all mediums hackers use to manipulate targets. Some quick tips to help avoid a cyber breach are as follows:

Ignore Robocalls and Unfamiliar emails.

Anyone claiming to be the IRS through a phone call is obviously a scammer. But, hackers are getting more sophisticated. Hyper targeted email content is the best way a hacker can manipulate their victim to open an infected attachment or link.

The rule of thumb for safe emailing is not to share information with unconfirmed or unknown email accounts.

Hackers will pose as the IRS emailing clients a “tax transcript” as a way to get them to up social security numbers, passwords, credentials etc. Frauds use this ploy constantly. Any email that requests you provide sensitive data, no matter how legitimate it appears should raise alarm.

Encrypt, store and track all data.

As previously mentioned, Cyber criminals are getting more creative. There have been instances of hackers changing the address of a business so that notifications get redirected to another location.

Luckily, software exists to better vet and evaluate business returns.

This example illustrates the point that a breach might not have immediate red flags. Therefore, keep all data secure and encrypted.

Always send or input data on secure websites when needed. If you have data stored in the cloud, check that the provider follows the appropriate compliance mandates for security. Also, verify that they have a security plan and tools in place to guarantee your data remains in your possession alone.

91 percent of all cyber attacks come in the form of phishing scams.

The reason for this is simple, people will always be any organizations greatest vulnerability.

Taking the steps required to recognize and prevent a phishing attack is the first second and third priority of firms, businesses, and clients alike. All of the security and high-grade protection in the world is useless in the face of a careless user. There is only so much cyber security can do.

In the same tax professionals adapt to changing tax codes and policies, they should adapt to the shifts and changes in cyber attacks.

Tax Season Cyber Security Tech Tips Leaderboard

 

Cloud accounting roller coaster taking passengers down a slope.

The Evolution of Cloud Accounting: Automation and Opportunities for Growth

Cloud Accounting

 Cloud accounting provides enables efficient execution of tasks that cut down the time spent on client work. This also changes the way your services are measured and billed. Accounting should be understood as a consultation job much like with lawyers. You bill via fixed monthly fees rather than hourly.

Cloud accounting automates most transactions for clients. Accountants will progressively move towards accounting software that enhances the customer experience as opposed to the technical work itself.

Statistics show 67 percent of accountants around the globe prefer cloud accounting.

In fact, over the last decade, many industries have been impacted by the sweeping changes introduced by computer technology. For accounting this typically meant finding new ways to remain competitive and flexible without constantly investing in new technology. There are some glaring issues CPA’s are facing, however, and it requires forward thinking to resolve.

Automation

Automation is the looming threat that generates anxiety in many within the profession. Data entry is becoming an antiquated practice and streamlining the process by which an accountant works with their clients. In the future, artificial intelligence will organize schedules, make client profiles using available data and redefine the roll of accountants as a whole.
This is not a bad thing, however.

The industry is changing, but this is the fate of most industries as society advances forward, with new technologies and capabilities. Rather than see automation as a plague bringing inevitable ruin to an industry, see it as a liberation from much of the tedious and time consuming data entry and compliance work that holds the industry back from focusing on what really matters: the client.

Changing the Industry

Accountants don’t have to deal with paper tax forms or compile payroll manually. Modern software technology does all that work now.

In more traditional firms, this can be a bit of a culture shock. Graduating accountants are not being taught the fundamentals because that compliance work is done by software.

No system is perfect however, and accounting firms may need to adjust this shift by providing intensive training to all new hires within their firm. Emphasis on accounting principles will be needed for those trained in this new era of online accounting.

Redefining How Accountants Help

The needs of clients have changed as well. People are more independent as accounting becomes accessible and formerly more technical procedures are done online. The rise of investment apps and tax services online will mean fewer walk-in clients, but a rise in more specific consultation work.

Data entry work has been almost eliminated due to automation and cloud implementation. Printing paper checks and manually keying bills are tasks accountants no longer have to do.
It’s an inevitability that a firm reduce their workforce and scale down as technology redefines what work is done by CPA’s and what work is managed by algorithms. As a result, accountants will eventually, if not immediately, need offer specific services to clients like portfolio management and business consultation.

Staff Recruitment

Staff recruitment remains the main issue for CPA firms. This is according to research conducted by the American Institute of CPA’s. Finding competent and qualified staff is the first concern for CPA firms barring solo practitioners.

One of the reasons cloud technology is gaining traction is due to the fluidity of use the cloud provides for accountants. Hosting a variety of applications and even computers through the cloud increases efficiency and productivity through cloud sharing, minimizing the redundant processes that often come from that type of work

Cloud technology offers CPA firms the ability to access files from anywhere from any digital device. It also allows multiple users to work on documents, spreadsheets and presentations simultaneously at any time.

This increase in productivity creates an opening to focus more on staffing and vetting potential hires.

Cyber Security Concerns

Data breaches and cybersecurity concerns for CPA firms and their clients pushed this category into the top five ranking for all firm sizes.
The top issues survey is conducted every two years and results are organized by firm size. This is because smaller firms have different needs and perspectives than larger ones.
Cyber security is not just an important issue because it’s required by compliance, there are sever legal penalties if disregarded. The law mandates a firm be protected and any incident that occurs could mean a substantial fine.

The first and easiest thing one could do is have a secure password. People usually choose a memorable password like birthdays and anniversaries but that’s not always the best option. Something less predictable such as a combination of random letter, numbers and symbols are the surest route to making your data a little more secure.
To hackers, a CPA firm is a treasure trove of useful and sellable data. Cloud technology has advanced since it’s early years and many cloud providers, including Nerds Support offer advanced data security capabilities.

Changing Relationships

Traditionally accountants have focused on compliance and crunching numbers. Experienced accountants don’t tend to deal with this transactional work themselves, they do spend their time reviewing bookkeeping data and filing.

Due to automation and the advent of online and cloud accounting, accountants are performing more quality based work with clients. Accountants are now offering commercial insights by analyzing data via the cloud in a way only certified accountants understand. This allows for identifying important revenue drivers and consider how planning will impact profit.
Time is the greatest asset in any industry and accounting is no exception. 68 percent of accountants think that they could offer greater value to clients if they had more time, according to a study conducted by Xero. This indicates client demand for accountants has not gone down despite advancing technology and online tools.

Accounting Technology Statistics

83 percent of accountants believe understanding technology is as important as understanding accountancy. They understand the important changes brought about by technology and automation introduced to the industry.

Accounting On-demand

Cloud accounting and accounting applications changes the standard of working a specific set of hours at a specific location. Through the cloud, accountants can do remote work, only requiring use of online accounting software. The flexibility made available by emerging technology has altered and continues to alter the industries it impacts.  This is a boon for both businesses and accountants alike. Remote working widens the variety of what can be done and allows for a work-life balance that doesn’t sacrifice family priorities for their position.

This gives accountants full control of how they determine and prioritize importance of work. 75 percent of accountants believe they would be more successful if they chose their own work schedule.
This also means accountants can work on tasks on short notice using high functioning cloud based technology and provide improved an improved customer experience.

Cloud Accounting Disrupts Industries

These huge technological leaps like improved broadband coverage, cloud infrastructure, and adoption of smartphone and tablets is changing what a small business owner is and how they work with accountants.

Business owners are now millennials, aging baby boomers and mothers with free time and side ventures operating from their kitchen tables and living rooms. In order to understand this new breed of business owner accountants are going to have to adopt many of the technologies that drive their clients.

The cloud, like many technologies should not be seen as a trend or a fad, but as a natural progression of how businesses operate. Innovations have their origins in addressing a need and resolving that need. Keeping up with ever changing tax codes, developing technologies and associated costs creates pressure many industries. This pressure in turn necessitates unique solutions and it is up to the industry to recognize a paradigm shift. It’s you job to get ahead of the curb.

To learn more about cloud solutions visit the Nerds Support website, our blog or call us and we’ll answer any questions you may have.