Your Accounting Firm Is a Target: 4 Priorities for Modern Cybersecurity

When protecting your organization from cybercriminals, it is essential to understand what needs safeguarding before you set up the appropriate safeguards. The key is combining strong technical controls, solid processes, and regular user training.

The chilling headlines are no longer rare. Cybercriminals are relentlessly targeting accounting firms, knowing your organizations hold the keys to sensitive financial information. Here are the numbers:

  • Phishing Attacks Surge. In 2024, phishing attacks increased significantly, with a 202% rise in overall phishing messages and a 703% surge in credential-based phishing attacks.
  • Rising Data Breach Costs. The global average cost of a data breach reached $4.88 million in 2024, a 10% increase from the previous year.
  • Human Error Prevalence. A staggering 88% of cybersecurity breaches are attributed to human error.
  • Widespread Cyberincidents. In 2024, 67% of firms surveyed reported an increase in cyberincidents over the past year, with the average number of attacks per organization rising to 66.

In recent years, prominent accounting firms have been targeted by cybercriminals. In 2021, global giant KPMG suffered a data breach from a misconfigured server, resulting in costly investigations and potential fines. In 2023, BDO USA experienced unauthorized email access, with remediation and legal costs exceeding $5 million, along with reputational damage. Not every case involves big firms, of course. These cases simply highlight that a single misconfiguration or one compromised mailbox is enough for a capable threat actor to cause major harm.

When protecting your organization, it is essential to understand what needs safeguarding, to set up appropriate safeguards, to have a disaster plan, and to train your team.

Identify Your Cyber Risks

Too often, leaders invest heavily in advanced technical solutions that fail to cover all systems or, worse, exhaust the entire cybersecurity budget without addressing the full scope of risk. Taking the time to identify and document all critical systems, applications, and data ensures you will secure what truly matters and not leave gaps unnoticed.

Fortify Your Cyber Landscape

To protect your firm against cyberthreats, you need to start fortifying your environment with the right technical controls. These tools form the frontline of your cyberdefense, working behind the scenes to detect, block, and respond to attacks before they cause damage. The following technologies are essential for building a secure, resilient IT environment.


Email Security – Phishing remains the most common entry point for cyberattacks, especially in professional services. Robust email security solutions that include advanced threat filtering, impersonation detection, and anti-malware scanning are essential to stop threats before they reach employees’ inboxes.

Endpoint Detection and Response – Endpoint detection and response (EDR) solutions monitor your firm’s devices in real time, detecting and responding to suspicious activity like ransomware, malware, and unauthorized access. Managed detection and response (MDR) adds a team of experts to monitor and respond to threats on your behalf. This is ideal for firms without a full-time cybersecurity team. Extended detection and response (XDR) goes a step further by integrating data across endpoints, networks, cloud services, and email to provide a unified view and a faster, more coordinated threat response.

Least Privilege Access – Enforcing least privilege means granting users access only to the data and systems they absolutely need. This limits the potential damage in the event of a breach, reduces the attack surface, and improves compliance by aligning access with job responsibilities.

Identity and Access Control – Strong identity protection goes beyond usernames and passwords. MFA has been a good first step, but its weaker forms are now routinely defeated: one-time codes sent by SMS or generated by an authenticator app can be captured and relayed in real time by adversary-in-the-middle phishing kits. Moving to passwordless authentication built on FIDO2 (hardware security keys, or passkeys unlocked with a device's biometric) gives phishing-resistant access control, because the credential is bound to the genuine site's domain and simply will not work on a lookalike, and it is faster for users than typing codes. The protection holds only if the weaker methods are removed or restricted as fallbacks once staff are enrolled, since attackers will otherwise steer victims to the fallback.
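The difference between a relayable code and an origin-bound credential is easier to see in code. The following is an added example, not from the article or any vendor's documentation: a toy model of the WebAuthn flow in Python, with the authenticator's signature simplified to an HMAC (real keys use asymmetric signatures) and the domain names made up. It shows the same adversary-in-the-middle proxy succeeding against a TOTP code and failing against a FIDO2 credential, because the browser scopes the credential to the origin actually loaded.

```python
import hashlib
import hmac
import secrets
import struct

# --- One-time codes: anything the user can read out, an attacker can relay -------

def totp_code(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), as generated by an authenticator app."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"

def phish_totp(seed: bytes, now: int) -> bool:
    """Adversary-in-the-middle: the victim types the current code into a lookalike
    page, the proxy forwards it to the real site inside the 30-second window, and
    the real site has no way to tell the two apart."""
    typed_on_fake_site = totp_code(seed, now)
    return totp_code(seed, now) == typed_on_fake_site      # real site accepts

# --- FIDO2: the credential is bound to the origin the browser is really on ------

REAL_SITE = "portal.firm.example"      # hypothetical domains for the example
LOOKALIKE = "portal-firm.example"

class SecurityKey:
    """Toy authenticator. Simplification (assumption): one HMAC key per site
    instead of an ECDSA key pair. The property being shown is scoping: the key
    only has a credential for the rp_id it was registered under, and the browser,
    not the user, tells it which rp_id is asking."""
    def __init__(self):
        self._credentials = {}

    def register(self, rp_id: str) -> bytes:
        self._credentials[rp_id] = secrets.token_bytes(32)
        return self._credentials[rp_id]   # stands in for the public key the site stores

    def get_assertion(self, rp_id: str, challenge: bytes):
        key = self._credentials.get(rp_id)
        if key is None:
            raise LookupError(f"no credential for {rp_id}")
        rp_id_hash = hashlib.sha256(rp_id.encode()).digest()   # signed with the challenge
        return rp_id_hash, hmac.new(key, rp_id_hash + challenge, hashlib.sha256).digest()

class RelyingParty:
    """The real site's verifier."""
    def __init__(self, rp_id: str, stored_key: bytes):
        self.rp_id, self.stored_key = rp_id, stored_key

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def verify(self, challenge: bytes, rp_id_hash: bytes, signature: bytes) -> bool:
        expected_hash = hashlib.sha256(self.rp_id.encode()).digest()
        if not hmac.compare_digest(rp_id_hash, expected_hash):
            return False                      # assertion was made for some other origin
        expected_sig = hmac.new(self.stored_key, rp_id_hash + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(signature, expected_sig)

def phish_fido2(key: SecurityKey, site: RelyingParty) -> bool:
    """Same proxy, now relaying a genuine challenge to a victim whose browser is on
    the lookalike origin. The browser asks the key for LOOKALIKE, not REAL_SITE."""
    challenge = site.new_challenge()
    try:
        rp_id_hash, signature = key.get_assertion(LOOKALIKE, challenge)
    except LookupError:
        return False           # nothing to relay: no credential exists for the fake site
    return site.verify(challenge, rp_id_hash, signature)

def phish_fido2_after_fake_enrollment(key: SecurityKey, site: RelyingParty) -> bool:
    """Even if the attacker first talks the user into 'registering' the key on the
    lookalike, the assertion carries the lookalike's rp_id hash and is rejected."""
    key.register(LOOKALIKE)
    challenge = site.new_challenge()
    rp_id_hash, signature = key.get_assertion(LOOKALIKE, challenge)
    return site.verify(challenge, rp_id_hash, signature)

if __name__ == "__main__":
    key = SecurityKey()
    site = RelyingParty(REAL_SITE, key.register(REAL_SITE))
    c = site.new_challenge()
    print("legitimate FIDO2 login:", site.verify(c, *key.get_assertion(REAL_SITE, c)))
    print("phished TOTP accepted: ", phish_totp(b"12345678901234567890", 59))
    print("phished FIDO2 accepted:", phish_fido2(key, site))
    print("after fake enrollment: ", phish_fido2_after_fake_enrollment(key, site))
```

The TOTP half uses the RFC 6238 test seed so the code it produces can be checked against the standard; the FIDO2 half is where the security argument lives, and the two `phish_fido2` functions correspond to the two ways a phishing proxy can try to use a security key, both of which fail at the relying party.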

Security Information and Event Management – Security information and event management (SIEM) systems collect and analyze security data from across your entire network in real time, providing centralized visibility into potential threats and suspicious activity. By correlating logs from devices, applications, and users, SIEM tools help detect complex attacks that might otherwise go unnoticed, where each individual event looks routine and only the combination is alarming. This monitoring enables faster incident detection and response, helping your firm stay ahead of evolving cyberthreats. A SIEM is only as useful as the log sources feeding it and the people reviewing its alerts, so decide up front which systems must send logs to it and who is responsible for triage.
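To make the correlation idea concrete, here is an added example (not from the article, and not tied to any SIEM product): a few constructed sign-in and mailbox-audit events in the normalized JSON-lines shape a SIEM would hold, and one detection rule written in Python. The rule flags a pattern common in business email compromise that no single event reveals: a successful sign-in from an address the user has never used, followed within an hour by a new inbox rule that forwards or deletes mail. The field names, the baseline of known addresses, and the one-hour window are assumptions chosen for the example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Two users: jdoe creates a harmless
# rule from a known address; asmith fails twice, succeeds from a new address, then
# adds a rule that forwards mail out and deletes the originals.
SAMPLE_EVENTS = """
{"ts":"2025-03-03T08:02:11Z","source":"idp","user":"jdoe","event":"SignIn","ip":"203.0.113.10","result":"success"}
{"ts":"2025-03-03T08:05:40Z","source":"mail","user":"jdoe","event":"InboxRuleCreated","rule":{"forward_to":null,"delete":false}}
{"ts":"2025-03-03T13:20:02Z","source":"idp","user":"asmith","event":"SignIn","ip":"198.51.100.77","result":"failure"}
{"ts":"2025-03-03T13:20:09Z","source":"idp","user":"asmith","event":"SignIn","ip":"198.51.100.77","result":"failure"}
{"ts":"2025-03-03T13:21:30Z","source":"idp","user":"asmith","event":"SignIn","ip":"198.51.100.77","result":"success"}
{"ts":"2025-03-03T13:34:12Z","source":"mail","user":"asmith","event":"InboxRuleCreated","rule":{"forward_to":"drop@mail.example","delete":true}}
""".strip().splitlines()

# Baseline of addresses each user has signed in from before (assumed; a real SIEM
# would build this from 30 to 90 days of history).
KNOWN_IPS = {"jdoe": {"203.0.113.10"}, "asmith": {"203.0.113.10", "203.0.113.11"}}

WINDOW = timedelta(hours=1)

def parse_event(line: str) -> dict:
    event = json.loads(line)
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event

def is_exfil_rule(rule: dict) -> bool:
    """A rule that forwards mail elsewhere or silently deletes it is how an
    intruder keeps reading a mailbox and hides the replies from its owner."""
    return bool(rule.get("forward_to")) or bool(rule.get("delete"))

def correlate(lines, known_ips, window=WINDOW):
    """Return one alert per suspicious inbox rule that follows a successful sign-in
    from an unfamiliar address by the same user within `window`."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    alerts = []
    for idx, ev in enumerate(events):
        if ev["source"] != "mail" or ev["event"] != "InboxRuleCreated":
            continue
        if not is_exfil_rule(ev["rule"]):
            continue
        # Look back over the same user's sign-ins inside the window.
        recent = [p for p in events[:idx]
                  if p["user"] == ev["user"] and p["source"] == "idp"
                  and p["event"] == "SignIn" and ev["ts"] - p["ts"] <= window]
        new_ip_logins = [p for p in recent if p["result"] == "success"
                         and p["ip"] not in known_ips.get(p["user"], set())]
        if not new_ip_logins:
            continue
        login = new_ip_logins[-1]
        alerts.append({
            "user": ev["user"],
            "new_ip": login["ip"],
            "prior_failures": sum(1 for p in recent if p["result"] == "failure"),
            "rule": ev["rule"],
            "minutes_between": round((ev["ts"] - login["ts"]).total_seconds() / 60, 1),
        })
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, KNOWN_IPS):
        print(json.dumps(alert))
```

Run on the sample, the rule ignores jdoe (known address, benign rule) and raises one alert for asmith, carrying the two failed attempts and the twelve-minute gap as context for the analyst. In a real deployment the same logic is expressed in the SIEM's query language and the baseline comes from the SIEM's own history rather than a hard-coded table.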

Preparing for Disaster

While technical tools defend your systems day to day, process controls ensure your firm is ready when, not if, a cybersecurity incident occurs. Proactive strategies will help you recover quickly, reduce downtime, and meet compliance requirements when disaster strikes.

Maintain Automatic and Tested Backups – Backups are your last line of defense against ransomware and data loss. But having backups isn’t enough: they must be automated, stored securely offsite, and regularly tested to ensure they can be restored quickly and completely. At least one copy should be offline or immutable, so that an attacker who reaches your network cannot encrypt or delete the backups along with the live data. A restore test means actually bringing a system or client file set back from backup and checking it, not just confirming that last night’s job reported success. A well-maintained backup system can mean the difference between recovery and ruin.

Conduct Regular Risk and Compliance Assessments – Cyberrisks and regulatory requirements are constantly evolving. Regular risk assessments help identify vulnerabilities, gaps in controls, and compliance issues before they become business-threatening problems. These reviews should be scheduled at least annually, and more frequently during periods of change or audit preparation.

Establish an Incident Response Plan and Team – When a cyberincident happens, a well-prepared response can drastically reduce damage and downtime. Every firm should have a documented incident response plan (IRP) and a designated team trained to act quickly. The plan should outline roles, communication protocols, legal obligations, and recovery steps. It should be tested through tabletop exercises or simulations.

Train Your Team

Even the best technology and processes can fail if your people aren’t prepared. Employees are often the first line of defense and also the most common point of failure. That’s why regular cybersecurity awareness training is essential to any strong defense.

Train Users to Spot Threats before They Click – Phishing emails, malicious links, and social engineering attacks rely on human error. According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches involved a human element, including errors, stolen credentials, or social engineering. Ongoing user training helps staff recognize threats, report suspicious activity, and respond appropriately, turning your weakest link into an active defense layer.

Make Security Part of the Culture – Training shouldn't be a once-a-year checkbox. Use short, regular sessions, simulated phishing campaigns, and clear policies to keep security top of mind. When employees understand the risks and feel responsible for protecting client data, the entire firm becomes stronger.

Use Tools that Reinforce Learning – Platforms like Microsoft Defender for Office 365 include built-in phishing simulation tools (Attack simulation training, in the Plan 2 license) that let you safely test your team’s awareness against realistic lures. These simulations help identify high-risk users and provide targeted education, making training measurable and actionable. When combined with regular reporting and feedback, these tools create a continuous improvement loop that strengthens your firm’s human firewall.

Final Thoughts

Accounting firms face growing cyberthreats that require more than software fixes. Combining strong technical controls, solid processes, and regular user training is key to reducing risk and keeping business running smoothly. Cybersecurity can only be achieved with everyone’s involvement!


Jeff Leitheiser, CISSP, is head of cybersecurity at Ferrara IT Services, a Philadelphia-based managed IT services provider specializing in supporting accounting firms. He leads client security strategy and infrastructure design, with deep expertise in multilayered defense and risk mitigation. To learn more, visit FerraraIT.com or contact info@ferrarait.com.



Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of the PICPA's officers or members. The information contained herein does not constitute accounting, legal, or professional advice. For actionable advice, you must engage or consult with a qualified professional.