U.S. Cybersecurity EO and its Impact on Accounting Firms
The U.S. Cybersecurity Executive Order (EO) will affect not only federal agencies, departments, and government contractors but also the private sector. Let’s explore its possible impacts on accounting firms.
On May 12, 2021, President Joe Biden issued the EO on Improving the Nation’s Cybersecurity in response to the increasing cyberattacks that threaten the security and privacy of the public sector, private sector, and American people. To achieve this, “the Federal Government needs to make bold changes and significant investment” which includes:
- Removing barriers to sharing threat information between the government and private sector.
- Modernizing and implementing stronger cybersecurity standards by:
  - increasing the government’s visibility into threats,
  - adopting security best practices,
  - advancing towards Zero Trust Architecture (Zero Trust means no device, software, application, or user is considered secure unless verified),
  - accelerating movement to secure cloud services,
  - centralizing and streamlining access to cybersecurity data, and
  - investing in both technology and personnel to match the modernization goals.
- Enhancing software supply chain security.
- Establishing a cybersecurity safety review board.
- Standardizing the Federal Government playbook to guarantee a coordinated and centralized response to cybersecurity vulnerabilities and incidents. It can also be used by the private sector.
- Improving the detection of malicious cyber activities on Federal Government networks.
- Boosting the government’s investigative and remediation abilities.
- Adopting the National Security Systems.
The executive order on cybersecurity has a dynamic timetable, with deadlines ranging from 45 to 120 days for the concerned agencies to start the implementation of key requirements.
Review the full scope of the executive order here to learn more.
How will the U.S. Cybersecurity Executive Order affect accounting firms?
Here’s a run-through of the potential effects of the cybersecurity EO on different areas:
Doing business with federal clients
Government accounting firms — or firms that work as prime contractors, subcontractors, or suppliers to federal clients — will likely need to review their security and compliance practices to adhere to the requirements stated in the EO.
Adoption of practices
The requirements stated in the EO are expected to affect both large and small companies belonging to the public and private sectors.
As mentioned in Section 1 of the Order, “the private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”
Securing the supply chain
Because accountants normally deal with sensitive and confidential financial information, accounting firms should evaluate their security processes. This includes the security of their information technology infrastructure, networks, accounting software, and tools that could be prone to malicious attacks.
In addition, it’s also worth considering reviewing third-party contracts with vendors to ensure a transparent sharing of threat and breach information.
See the cybersecurity best practices below to learn more.
The next steps
Private companies should also take action in protecting the availability, confidentiality, and integrity of their data and systems.
In a memorandum, the White House emphasized that companies that consider ransomware “as a threat to core business operations” rather than a simple case of data theft can “react and recover more effectively.”
The memorandum also lays out the U.S. Government’s best practices for reducing cybersecurity risks, as outlined below:
- Implement the best practices, as stated in the executive order, by:
  - using multi-factor authentication,
  - utilizing endpoint detection and response to search for any malicious activity and block it,
  - using data encryption, and
  - having a skilled and empowered cybersecurity team.
- Always keep a backup of your data, system images, and configurations offline. Moreover, make sure to test them regularly.
- Update and patch systems, including maintaining the security of your operating systems, applications, and firmware.
- Test your incident response plan.
- Check the work of your security team.
- Segment your networks.
Aside from these, developing a cybersecurity plan unique to the needs of your accounting firm is also an ideal way to add another layer of protection against cyberattacks.
The U.S. Cybersecurity Executive Order may be an extensive step, but with proper implementation and coordination, it is a worthy investment. In an age when cybercriminals are getting smarter, it’s crucial to stay several steps ahead to make sure they won’t catch up.