Cyber Hygiene 101: Is Your Sensitive Data Secure?



CPA firms are entrusted with their clients’ most confidential, sensitive data—the type of information that makes them a prime target among cybercriminals. Safeguarding your clients’ personal data therefore requires the utmost due diligence. Adhering to rules governing record retention and professional standards is mission critical, but it is only the start. While notable progress in technology has been made to help ensure that private information remains confidential, data breaches still happen. Most often, a breach is not the result of a technology platform failure, but of something much more unpredictable—human error.

Researchers at Stanford University found that 88% of all data breaches are caused inadvertently by an employee. While this has been a consistent trend in cybersecurity for many years, it can be avoided with persistent cybersecurity awareness and policy training for employees. According to Wing VC (Research Note on RSA 2019), 80% of the problem can be solved by getting cyber hygiene correct, rather than chasing the latest advanced technology.

According to the Cost of a Data Breach Report (with research conducted by the Ponemon Institute), the most common type of record stolen is Customer Personally Identifiable Information (PII) such as Social Security numbers, names, addresses, dates of birth, etc., the exact type of information CPA firms maintain. In fact, Customer PII was included in 44% of all breaches in the study. It was also the most expensive type. In 2021, on average, the loss of Customer PII cost $180 for each lost or stolen record (a 20% increase from $150 per record in 2020).

In today’s digital world, hackers understand that small and medium-sized organizations are significantly less protected than larger firms. Developing a prioritized cyber health plan to improve your organization’s safety and security and to help you avoid data breaches, phishing, identity theft, social engineering and ransomware is paramount. If you fall victim to one of these schemes, your data—your clients’ data—your reputation—they are all at risk.

Understanding your cybersecurity health is as important to your business as understanding the health of your balance sheet.

By committing to a cybersecurity education program, you can protect vital information, safeguard your business and sleep better at night knowing you are creating front-line defenses against cyber criminals.

For more valuable cybersecurity information visit

Continue the conversation on the importance of cyber hygiene with SenCy CEO Rick Snyder, CPA, at the MICPA Small Firm Practitioners Conference. Don’t miss his session, Ask the Experts: Cybersecurity Edition, on August 17 from 3:40 – 4:30 pm.

Source: MICPA
