An accounting information system (AIS) plays a critical role in any business. It is fabricated to capture, process, maintain/store, and distribute business transaction information pertaining to the transaction cycles (i.e., the revenue, expenditure, production, and reporting cycles). The central objective of an AIS is processing financial information, but it also processes the nonfinancial transaction data (e.g., a new employee or supplier). Without reliable data, an accounting information system serves no purpose.
Data has become the bedrock for most companies’ business process model, ranging from strategic planning to customer service. When data is used effectively, it enables management to foresee trends, recognize opportunities, and maintain a competitive advantage by understanding consumer behavior and anticipating changes in the market. Data interpretation will greatly aid informed decision making and allow your company to experience growth and prosperity.
Utilizing an accounting information system has numerous benefits, but with that comes increased risk and more responsibility; particularly because customer data is presumably being collected and stored on the system. If a company is utilizing an accounting information system, it should also have a control framework. Controls refer to the policies and procedures put into practice to prevent, detect, and correct threats, or recover after a successful threat event (threats being both internal and external). There are a number of relevant control frameworks to guide management towards proper IT governance and risk management. To name a few, there are the COSO, COBIT, and NIST frameworks to choose from. Keep in mind that not one of these frameworks are all-encompassing for 100% security.
Unfortunately, as your company amasses data, the chances of it becoming a cybercriminal’s target only increases. One of the preferred attack vectors on dealerships is through ransomware. The ransomware threat, among others, is perpetually evolving. It is a form of malware that is usually implemented into the victim’s system by clicking on a phishing email. Data, documents, and files will be encrypted (made inaccessible) and possibly brandished until the attacker receives payment, generally in the form of bitcoin.
Due to the heightened work-from-home environment, 2021 realized a significant increase in the occurrence, cost, and response time of cyberattacks. According to SonicWall, the volume of ransomware attacks in the first three quarters of 2020 (199.6M) compared to 2021 (495.1M) increased almost 150%. The average total cost of a data breach in the retail industry increased to $3.27 million in 2021 from $2.01 million in 2020, a 63% spike as per IBM’s Cost of a Data Breach Report. Customer personally identifiable information is the most costly to recover at an average of $180 per compromised record. It took the most amount of time in 2021 to identify (212 days) and contain (75 days) a data breach.
Cyberattacks are a real, costly, and unnecessary threat. A myriad of approaches exist to help prevent and mitigate the financial burden of a data breach. Some recommendations include:
• Adopt a zero trust security model
• Invest in security orchestration, automation and response (SOAR)
• Develop and stress test your incident response plan
• Use policy and encryption to protect data in the cloud environment
• Invest in updated systems, governance, risk management, and compliance programs
As previously mentioned, if your business is growing, so is the data it collects, and with more data comes more cybercriminals. The difficulty of thwarting a cyber threat is evident; and with the recent trajectory, it seems the burden will continue to intensify. If this concerns you, please contact your AutoCPAGroup member today to see how they can help you.
Click here for the full version of the AutoCPA’s Autumn issue.