it takes a village to stop cybercrime

we’re all in this together.

by donny shimamoto, cpa, citp, cgma
on cybersecurity for accountants
center for accounting transformation

i’ve been warning accountants about the treasure trove of taxpayer information they are entrusted with since 2014. that was the first year i spoke at an aicpa conference about it risk management and the need to self-assess information security risks. every year since then, via numerous conference sessions and webinars, i’ve taught both non-techie accountants and it professionals about the cybersecurity jargon, key threats, how to understand the risks, and how various types of administrative and technical controls help mitigate those risks.

more: donny shimamoto: future firm growth requires a mindshift | ai, ocr, nlp & cpas: oh my! | accounting nerds, unlock your super powers | early adopters gain an edge in audit | dustin wheeler: for serious cas success, hire tech teams | csr for cpas: the missing ingredient | donny shimamoto explains how ‘agile’ applies to cpa firms | staff retention for remote workers | why the future is in risk advisory | ready for non-cpa “cpa” firms?
exclusively for pro members. log in here or 2022世界杯足球排名 today.

as quickly as cybersecurity practices mature, new threats, threat delivery vectors and other schemes arise. what many people don’t realize is that identity theft is a lucrative business. whether taxpayer identification (e.g., social security numbers), bank account information, credit card information or healthcare information—these records have value on the dark web. fraudsters will pay handsomely for this type of information.

when i started intraprisetechknowlogies llc (itk) in 2001, i wanted to concentrate on the small and mid-sized business (smb) space. we were focused on automation technologies and developing adjunct accounting system solutions—those that worked to complement the core accounting solution. i’m purposely not calling it an enterprise resource planning (erp) solution because those solutions are often designed for big organizations. i used the experience i gained from being a part of pwc’s audit department and later its department of defense consulting practice, to develop solutions for the smb space that balanced innovation with internal controls—right-sized for the smb space.

historically itk worked directly with smbs directly—not accounting firms. we partnered with accounting firms to help their clients with innovation projects. we were a “safe” referral because we didn’t offer any traditional accounting services. we would also coordinate with the referring firm to ensure that whatever solutions we put in place didn’t disrupt their services to the client.

as the use of cloud accounting apps grew, the risk posture of accounting firms also changed. beginning around 2014, we started having accounting firms approach us not just to help their clients but to help the firms themselves. at first, my reaction was, “oh, i’m honored you’d ask, but we don’t have any experience working with accounting firms.” but these firm leaders countered with, “you work with smbs, and our firms are smbs—plus, we don’t want more of the same thing we hear from the typical consultants to the accounting industry. we want you to bring perspectives from other industries that you work with and use that to help us evolve what we’re doing.”

the light bulb in my mind went off, and i saw the potential value that we could bring, so i agreed. we’ve been working with a variety of sizes of firms, from sole proprietors to firms with 200+ people since then.

as tax practitioners, you have a duty to protect your clients’ information. litigation abounds when there is a data breach, and the level of disruption from a ransomware attack can also be crippling for a small firm.

it will take all of us…the irs, state and local tax authorities, financial institutions, cybersecurity professionals, cybersecurity software vendors, it professionals, and most of all, all of you—tax practitioners—to stop these cyber criminals. together we can make it as difficult as possible for these criminals to get taxpayer information—giving peace of mind to our clients that they are protected when they do business with us.

posted on july 8, 2023

donny shimamoto

about the author

donny c. shimamoto, cpa.citp, cgma, is the founder and managing director of intraprisetechknowlogies llc, a specialized cpa firm dedicated to helping small businesses and middle market organizations leverage strategic technologies, proactively manage their business and technical risks, and enable balanced organizational growth and development. donny also works with larger organizations as a trusted business advisor, facilitating organizational strategic planning and execution, it governance and planning, enterprise architecture, information architecture and assurance, business process improvement, and business intelligence initiatives.

click here for more by donny shimamoto

as the founder of the center for accounting transformation, shimamoto is leading a movement to change the world for the better by empowering and equipping accountants with the leading-edge tools and techniques.

donny was the first certified information technology professional (cpa.citp) in the state of hawaii and is one of only four in the state. the citp credential is a specialty designation of the american institute of certified public accountants (aicpa), that identifies certified public accountants (cpas) with the unique ability to bridge between business and technology; meeting the strict requirements for a cpa license as well as additional training and experience in technology strategic planning, it architecture, business process enablement, system development and acquisition, it audit and control, and it governance.

the immediate past chairman of the aicpa’s imta executive committee, donny has been both influential and critical in several aicpa initiatives including the development of an it competency model for cpas, and redesign of the citp credential. donny previously co-chaired the aicpa’s business intelligence working group, researching and creating practice aids in the area of evidence-based management, application & data integration, and information assurance. donny has also been involved in the authoring of guidance published by the aicpa on it considerations for risk-based auditing and enterprise business intelligence. as a subject matter expert, donny is often an invited speaker at national and international webinars and a familiar key-note speaker at national-level conferences.

donny obtained invaluable knowledge and exposure to a wide range of industries and sectors (retail, hospitality, state government, defense, and higher education) while earning his cpa license as a member of pricewaterhousecoopers llp's business assurance services, operational & systems risk management services, and management consulting services lines of business. with itk he has expanded his industry expertise to include not-for-profit (social services, foundations, and membership organizations), professional services, small businesses, technology, and mobile professionals.

click here for more by donny shimamoto