How to Respond If Your Firm Is Hacked

minute read

Last Updated February 28, 2019

Category Cybersecurity


“Oh no, we’ve been hacked.” Words no one wants to hear, but a potential reality for accounting firms and their clients.  Because of the significant amount of personally identifiable information stored within CPA firms, every single one, regardless of size, is a potential target.  Take into account the broad range of security capabilities amongst firm IT teams. New security holes being discovered daily, and simple mistakes made by staff clicking on the wrong email, and you quickly realize that every firm is vulnerable.


So how should your firm respond to minimize the damage once you find out you’ve been hacked? 


Respond Timely

One of the first questions the firm will have to answer is “When did you become aware of the breach?” Studies done by the Ponemon Institute point to a significant reduction in financial damage to a hacked business the quicker they respond.  Having an incident response plan in place that identifies the resources needed to address a potential breach will reduce the time it takes to confirm if a breach occurred and potentially assess the damage.  Already having a designated team consisting of internal leadership and IT resources, as well as external IT, forensic, legal and insurance personnel that you can call upon, will help in developing and instigating an incident response plan.


Be Transparent

Dealing with facts is critical. Once the incident team has identified the cause and extent of the breach, the steps are taken to ensure it does not happen again. Next, potential remediation plan for those impacted by the breach (including meeting with legal and insurance resources), the firm should provide a consistent message with these facts to all stakeholders.


Control the Message

Providing inconsistent messages to different stakeholders can create uncertainty and undue speculation, which can diminish trust with the firm.  Again, pre-identifying a firm leader within an incident response plan will help the firm control the message being delivered. This document can detail how the firm would concurrently notify staff, clients, media, and other critical stakeholders of a breach with a consistent message identifying the known facts and remediation process.



An important component of messaging is to identify the firm’s response to the incident. This response can vary significantly based on the type of breach and legislative requirements the firm is operating under. It can be provided more timely if the incident response document includes resources and documentation to assist those potentially impacted by a breach.  This would include information and advice such as recommendations to immediately change passwords, scanning for viruses and malware, monitoring bank and credit card activity, notifying friends and partners of the breach, freezing credit with fraud alerts, and providing firm-paid credit monitoring.


While everyone hopes their firm will not be the victim of a security breach, the reality is that accounting firms will be hacked.  Having an incident response plan in place will allow the firm to respond quickly and thoroughly to minimize damage and protect the firm as much as possible.


Roman H. Kepczyk, CPA.CITP and Lean Six Sigma Black Belt is Director of Firm Technology Strategy for Right Networks. Roman works exclusively with accounting firms to optimize their internal production workflows within their tax, audit, client services and administrative areas. He can be contacted at 678-495-0508 or

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.