McDonald Hopkins' Data Privacy and Cybersecurity practice group published an alert today advising CPAs, law firms, PEOs, financial advisors, and insurance agents to beware of the latest security threat. These professional service firms have at least two things in common: They have large amounts of sensitive Personal Information (PI) and Protected Health Information (PHI) about their clients and employees; and (2) they are the new targets for sophisticated cyber/data thieves.
While major corporations are indeed targets for cyber attacks, most of those companies have taken the proper steps to minimize the risk of additional privacy incidents. The smartest cyber criminals have realized that while corporate America and the U.S. government employ sophisticated security systems, many service providers such as law firms and CPA firms are still in the age of Windows 95. The cyber criminals have taken advantage of this failure, or inability, to keep up with them and, as a result, client and employee data is at serious risk.
Professional service organizations run a very high risk of losing their client base if they fail to take the precautionary measures to avoid a data privacy incident or cyber attack. Clients are starting to say to their professional service providers: We take the following preventative measures to protect our own sensitive information - - what are you doing to protect our PI and PHI at your firm? And you need to be in a position to respond with a better answer than: We use passwords on our computers!
Click here for the full McDonald Hopkins alert which includes a summary of preventative policies and practices organizations should have in place to minimize the risk of a data privacy incident.