Federal Rulings Send Mixed Signals to CPAs Regarding Cybersecurity

Recent court cases shine a spotlight on the need for cybersecurity for financial services and accounting firms. Learn what you can do to keep customer data safe.

Cybersecurity Requires Comprehensive Solutions for Chicago Firms


Financial services and accounting firms face increasing pressure to ensure that client data is protected at all times, whether it’s stored on company servers or in the cloud, or in transit between companies, customers, and third parties.

Two recent court rulings have muddied the waters regarding the data protection and cybersecurity responsibilities that professional services firms face. No matter where the courts ultimately land, however, financial services and accounting firms should ensure they have robust security solutions in place.


What Recent Court Rulings Affect Professional Services Firms and Cybersecurity?

Several recent court rulings have sided with plaintiffs, holding that the potential fear and harm of cyberattacks gives them standing to sue. In Galaria v. Nationwide Mutual Insurance Co., the 6th Circuit Court of Appeals ruled that an increased risk of future identity fraud was enough to give the plaintiffs standing to pursue litigation.

That ruling was similar to those of other earlier appellate court rulings in cases involving Neiman Marcus and Zappos. In both cases, appeals courts overturned parts of lower court decisions that addressed the concerns of imminent or potential credit card or identity theft. As the court noted in the Neiman Marcus case, “customers should not have to wait until hackers commit identity theft or credit-card fraud to give the class standing.”

The appellate courts are, however, not in full agreement on the issue of whether plaintiffs have standing to bring a case against an entity when records are compromised. In two cases before the 4th Circuit Court, jurists were asked to consider multiple class-action lawsuits brought over separate incidents, two years apart, involving the theft of data from the Dorn Veterans Affairs Medical Center.

In the Dorn cases, the court upheld district court rulings that dismissed the claims, finding that potential future harm was insufficient to establish injury, since no documented cases of identity theft had been brought forward three to four years after the breaches.

It may ultimately rest with the Supreme Court to take up these data security issues.

What Legislation Affects Data Security for Accounting or Financial Services Firms?

On January 1, the California Consumer Privacy Act went into effect. The law, the most comprehensive in the nation, allows state residents to know what data is collected about them and whether personal information is sold and to whom, to access that data, and to opt out of its sale or request its deletion. It applies to businesses that do business in the state and that have annual revenue over $25 million, or buy and sell personal information on 50,000 or more households or individuals, or earn more than half of their annual revenue from selling consumer personal information.

The law is expected to be used as a model by other states looking to tighten the guidelines governing data collection.

The California law comes soon after the enactment of the General Data Protection Regulation, which requires organizations to have proper controls in place governing data for European Union citizens.

Financial services and accounting firms are likely to need to develop, and be able to demonstrate, solutions that protect data subject to the rules of multiple jurisdictions.

What Can Our Firm Do to Protect Customer Data?

Accounting and financial services firms should consider the following as a baseline for keeping customer data protected:

  • Conduct a comprehensive cybersecurity risk assessment with an external managed services provider
  • Ensure there are policies in place regarding the access, use, and control of sensitive data
  • Appoint a chief information security officer responsible for cybersecurity solutions and compliance
  • Use encryption to manage data at rest and in transit
  • Adopt multifactor authentication controls for accessing information from devices, especially remote connections
  • Create a disaster recovery strategy
  • Use automatically updated anti-spam, anti-phishing and anti-malware programs
  • Educate employees regularly about the importance of cybersecurity and the risks of noncompliance with company policies and state and regional mandates

At Infiniwiz, we help Chicago area financial services and accounting firms with cybersecurity issues. From IT consulting to penetration testing and ongoing network monitoring, Infiniwiz can create and implement a solution designed to address your company’s unique cybersecurity needs. Contact us today to learn more.