A 2022 survey by CPA Practice Advisor found that only 40% of CPA firms had a comprehensive cybersecurity plan in place.
Another report from 2022 (this one conducted by the AICPA) indicated that 25% of CPA firms experienced a data breach within the last two years.
Cybercriminals target CPA firms because of the valuable and sensitive data they handle. Cybercriminals know that many firms are “easy targets” because of their often-insufficient cybersecurity defenses.
Here are some key reasons hackers attack CPA firms:
1. Access to Sensitive Client Data
CPA firms handle large volumes of sensitive information, including:
- Personally Identifiable Information (PII): Names, Social Security numbers, addresses, and contact details.
- Financial Data: Tax returns, bank account details, and investment records.
- Corporate Data: Financial statements, audit reports, and confidential business strategies.
Hackers can use this data for:
- Identity theft.
- Filing fraudulent tax returns for refunds.
- Selling data on the dark web.
2. Financial Exploitation
- Ransomware Attacks: Hackers may encrypt a firm’s data and demand a ransom for its release, knowing the firm might pay to avoid downtime and protect client trust.
- Wire Fraud: By compromising systems, hackers can manipulate transactions or trick the firm into transferring funds.
3. Weak Security Practices
CPA firms, especially smaller ones, may not have robust cybersecurity defenses. Hackers often exploit:
- Outdated software.
- Weak or reused passwords.
- Lack of multi-factor authentication (MFA).
4. Targeting High-Value Clients
CPA firms often serve high-net-worth individuals, businesses, and government entities. Compromising the firm’s systems can give hackers access to these clients’ data.
5. Access to Supply Chain Networks
A CPA firm might serve as an entry point to larger organizations in its client network. Hackers can:
- Use the firm to compromise a client’s systems (e.g., through phishing or malware).
- Leverage the firm’s trusted position to distribute malicious emails or documents.
6. Espionage and Competitive Intelligence
Hackers, especially those sponsored by competitors or nation-states, may target CPA firms to:
- Steal proprietary business data.
- Gather financial intelligence on mergers, acquisitions, or investments.
7. Exploiting Tax Season Vulnerabilities
During tax season, CPA firms handle increased workloads and communications, making them:
- More susceptible to phishing and social engineering attacks.
- A prime target for hackers seeking to intercept or falsify tax filings.
8. Reputation Damage and Extortion
Hackers may threaten to leak sensitive client data unless the firm pays a ransom. This tactic exploits the firm’s reliance on its reputation for confidentiality and professionalism.
9. Access to Regulatory and Compliance Data
Firms dealing with compliance audits and financial oversight possess critical data that may include regulatory filings, compliance checklists, and corporate governance details. Hackers can exploit this information for fraud or blackmail.
10. Use of Infrastructure for Cybercrime
Once inside a CPA firm’s systems, hackers might:
- Launch phishing campaigns from the firm’s trusted email domain, asking clients to pay bogus bills or enter additional account information, which gives the criminal access to significant cash!
- Set up a base for distributing malware to clients or third parties.
*This last category is one we see often with small and medium-sized companies. From CPA firms to landscape companies or manufacturing companies, hackers will collect client names, email addresses, and the account numbers associated with the legitimate business, then send “invoices” for products and services payable to one of the hacker’s personal accounts.
Need help determining the current state of your IT infrastructure so you can identify vulnerabilities? Structured Technology Solutions is offering complimentary IT assessments to CPA firms in preparation for “busy season.” We would much rather get a call from you NOW than at the beginning of April when your network crashes and you have no idea how to access your backups!