Do you have the protocols in place to safeguard your small firm?

cyber security for small cpa firmsManipulation Impersonation Exposure or Social Engineering Fraud is the latest global cyber threat. Anyone can be a target, with the stakes ranging from a loss of several hundred dollars to millions in cash or inventory. Fraudsters reach out to unwitting employees posing as CEOs, vendors and customers, research their behavior and benignly hack into emails. 

Such attacks are increasing at an alarming rate. Make sure you have the right protocols in place. You do not have to be the next victim if you follow these best practices:

  • Develop procedures to authenticate the transfer of funds
  • Apply similar procedures to verify the authenticity of customers and vendors
  • Determine who within your firm has the authority to move funds on request
  • Implement an encryption system for emails
  • Change passwords every 60 – 90 days
  • Determine types of exception protocols and put controls in place
  • Understand lessons learned from past loss and claims experience
  • Train employees (especially executives who are primary targets) in appropriate policies and procedures

Remember to check the next time someone internally or externally asks to transfer funds.  Call the person to confirm the transaction – and remember that a phone call is the best practice to avoid social engineering fraud.

This valuable information has been specially developed by Protexure, a highly-rated, low-cost professional liability insurance program specializing in small firm risk protection. Find out more about our risk management program, and our policyholder hotline, at