By Allison Henry, Vice President, Professional & Technical Services
Are you prepared to work with the U.S. Secret Service or the IRS’s criminal investigation unit on an ongoing “cyber breach” criminal investigation? How about coping with a public relations nightmare? This situation became a reality for Lyons & Lyons, a CPA firm based in Ridgefield, Conn., and Fairfield, Conn., when hackers breached its systems, potentially compromising information for as many as 900 clients.
Busy season is officially over, so now is a good time to take stock of all of the personally identifiable information in your firm’s possession and focus on addressing the risks posed by a potential cybersecurity breach. The complexity in this area can be daunting: from understanding the threat environment, to grappling with a patchwork of laws and regulations (breach notification laws in most states and territories, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, etc., etc., etc.) to developing a formal incidence response plan, to understanding the differing types of cybersecurity insurance. And don’t forget developing employee training sessions, conducting penetration testing, and dealing with third-party vendor risk management.
To help ease the burden of dealing with these complex areas, the PICPA has developed a cybersecurity threat management program, Navigating the Cybersecurity Storm: Leveraging Technology (746100), that aims to help practitioners in public practice and in business understand some of the key cybersecurity risks that their organizations face, manage those risks, and prepare for a cybersecurity breach. Perhaps you don’t know what you don’t know, and that may be the most valuable thing you can learn at this program. The threats are real. The exposure can be devastating. However, it pays to plan ahead. I hope you can join me and our all-star speakers on May 18 for a day (or half-day) of provocative discussion. If you can’t join in person, consider joining via webcast. For your convenience there are morning and afternoon sessions to accommodate your schedule.