Rule 301 AICPA Code Of Confidential Information


“Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs, and data from attack, damage or unauthorized access” (Lord, 2017). The defining moment for cybersecurity came when the first internet worm was introduced in 1988 at MIT and resulted in the first felony conviction under the 1986 Computer Fraud and Abuse Act. Rule 301 of the AICPA Code of Professional Conduct, Confidential Information, states that “members in private practice shall not disclose any confidential client information without the specific consent of the client” (Code of Professional Conduct and Bylaws 2017). Whether you are in tax, audit, advisory or other service areas, you will be in violation of this ethics requirement if your client’s information is stolen (Code of Professional Conduct and Bylaws 2017).

Internal breaches can happen through, for example, leaving your workstation unlocked, sharing logins and passwords with co-workers, misplacing or losing sensitive documents, or having poor internal controls where anybody can access confidential client information. The SEC Disclosure Guidance mentions that publicly traded companies should provide a disclosure of cyber incidents if they are issues that have a material effect that could make an investment in the company risky and speculative (Trope, 2011). A cybersecurity disclosure should adequately describe the nature of material risk and specify how each risk affects the company. Additionally, if those cyber incidents also have a material effect on a publicly traded company’s services, products, relationships with consumers and suppliers, the company should also provide a disclosure. customers and suppliers, the company “should” provide a disclosure (Trope,
