Data Security

By CPABC
Last Revision: 8/31/2017

Email Scam Targets Professional Services Firms

We caution practitioners that an email scam is targeting accounting and law firms – we’ve heard of incidents across the country.

This scheme involves the fraudster “spoofing” a senior staff member’s email address thus making it appear that the email is actually sent from within the firm. The email asks internal accounting staff to send funds electronically or divulge bank account information. Often faking some sort of emergency, the email sender asserts rank and urges the recipient to bypass normal protocols. Victims have lost funds that might not be covered by insurance.

We suggest practitioners establish procedures for transferring of funds – this is especially important if you handle funds for clients. Train your staff to be suspicious of any emails that deviate from norm.

Have you heard about Ransomware?

At least three BC law firms have been the targets of “ransomware,” a type of malware that encrypts the files on computers and networks, blocking access until the victim makes a payment to the extortionist.

While very unfortunate for the lawyers involved, this is an opportunity for public accounting firms to review their IT security policies. Are you regularly backing up your files? Have you trained your staff to not open attachments from unknown sources? Have you installed up-to-date anti-virus software? To learn more about “ransomware” and how you can protect your firm, read this notice put out by the Law Society of British Columbia.

If you aren’t “tech-savvy”, then you might consider seeking expert technical advice on how to best protect confidential client information. We remind all CPA public practice firms that they have obligations under the CPABC Code of Professional Conduct, as well as provincial privacy legislation, to safeguard confidential information concerning the affairs of current and former clients. It doesn’t matter whether the information is a hard copy or in an electronic or digital format, so putting a lock on the file room door isn’t going to be enough!