Cybercrime has gotten out of control and it is time for us to lock down our digital assets.
October 22, 2019
Kynektyd, an IT solutions provider, announced the release of a white paper titled “Cloud Migration Best Practices: Practical Guidance for Sole Practitioners and Small Accounting Firms.” The paper proposes a novel approach for operating a virtual accounting practice. It allows firms to enjoy the benefits of working in a distributed work environment, while reducing the impact of a potential cybersecurity incident.
Embracing cloud technologies provides a unique opportunity to both better service clients and provide employees with greater flexibility. That said, practitioners must ensure that the environment in which this innovation occurs is safe and controlled. Kynektyd’s framework addresses this concern. “Now that practitioners are coming out of tax extension season, and given that this is cybersecurity awareness month, it is an ideal time for CPAs to undertake a review of their cybersecurity compliance initiatives,” said Cary Jozefiak, a process engineer and the President of Kynektyd.
The paper’s contents could be expounded to produce volumes of books, but the document is beautiful in its simplicity. It addresses the technological, procedural, regulatory and ethical challenges the CPA profession is facing in under 20 pages. In this rapidly evolving technological environment, CPA practitioners are put in a difficult situation. On one hand, they have an ethical and legal duty to preserve their clients’ confidentiality. On the other hand, they are working in an environment that is inherently insecure. Without appropriate procedures and protocols in place, should a breach occur, a practitioner may be deemed negligent and exposed to significant liability.
The AICPA Code of Professional Conduct Rule 1.700.001, Confidential Client Information Rule, states that a member in public practice shall not disclose any confidential information without the client’s specific consent. Furthermore, Section 7216 of the Internal Revenue Code states that any person engaged in the preparation of tax returns, who knowingly or recklessly discloses information furnished to them, shall be guilty of a misdemeanor.
While insurance can be purchased to cover some of the legal and financial expenditures, the reputational loss associated with a data breach is almost certain to be unrecoverable for most practitioners. Without appropriate protocols in place, there is also a risk that the breach could constitute an act discreditable to the profession. This could result in the loss of the practitioner’s license to practice public accounting and prepare tax returns for the Internal Revenue Service. That said, cybersecurity training is not part of most accounting programs’ core curriculum, it is not required Continuing Professional Education (CPE), and there is no enforcement mechanism within the AICPA’s peer review process to ensure compliance with the confidentiality standard.
Kynektyd’s model allows practitioners to develop evidence that due care was exercised in the execution of their professional duties should a cybersecurity incident occur. Using Kynektyd’s framework the practitioner need not be concerned with how the underlying technology functions because it takes advantage of a shared responsibility model. This allows the practitioner to rely on service providers’ System and Organizational Controls (SOC) audit reports for meeting their ethical and regulatory obligations. These reports cover representations made by an organization with respect to the security, availability, processing integrity, confidentiality, and privacy controls of their systems. It alleviates the practitioner from having to undertake independently verifying that the systems they are relying on are functioning as advertised. For instance, a practitioner relying on an Infrastructure as a Service (IaaS) provider need not be concerned with physical security protections, such as locked badge-entry doors, fences, and guards, if they obtain a SOC audit report covering such controls.
The whitepaper elaborates on the details of where a technology vendors’ responsibilities end and where a practitioners’ responsibilities begin. The security framework proposed in the paper is based on a rapidly evolving mindset that makes identity the primary parameter of defense. This is a natural evolution given the explosion of bring-your-own-devices and cloud-based applications, that render perimeter defenses, such as firewalls, largely ineffective. Reliance on SOC audit reports allows the practitioner to focus on managing who has access to their clients’ data and limiting the damage an employee’s compromised identity could have on the firm’s clients.
Kynektyd’s protocols also describe, in simple language, how a practitioner may deploy artificial intelligence to improve the effectiveness of an intrusion detection and prevention system. The model is inspired, in part, by the work of Roman V. Yampolskiy, a computer scientist at the University of Louisville, who is exploring the intersection of cybersecurity and artificial intelligence. In a Harvard Business Review article published in 2017 Yampolskiy proposed that “our best hope to defend against AI-enabled hacking is by using AI.” Kynektyd’s protocols employ several readily available Microsoft technologies to allow small CPA firms to realize Yampolskiy’s vision cost-efficiently.
“There is a lot of work that needs to be done to secure US citizens’ privacy. Our hope is that once practitioners begin to adopt and perfect these protocols, they will be positioned to help their clients do the same. Cybercrime has gotten out of control and it is time for us to lock down our digital assets,” said Ben Podraza, a Certified Public Accountant and the Chief Executive Officer of Kynektyd.
Kynektyd develops, deploys, and supports technology solutions that help organizations operate more efficiently and profitability. The objective is to maximize the value organizations realize from their technology investments, while keeping human interests at the center of that innovation.
Share article on social media or email:
Published at Tue, 22 Oct 2019 00:00:00 +0000