Securing Financial Information in the Digital Realm: Case Studies in Cybersecurity for Accounting Data Protection
Keywords:Accounting, Cyber-Security, Threats, Vulnerability
Securing financial information, especially accounting, is essential in the digital world. This article explores organizations' challenges in protecting accounting data from evolving cyber threats. By sharing real-life case studies and industry research, we offer suggestions to enhance the security of accounting information. These recommendations include adopting cybersecurity frameworks implementing technical defenses like endpoint protection and network segmentation, following secure coding practices prioritizing user awareness and training, creating incident response and business continuity plans, regularly conducting vulnerability assessments and monitoring, maintaining strong vendor relationships, and ensuring compliance with relevant regulations and standards. By implementing these suggestions, accounting professionals and organizations can strengthen cybersecurity measures. Effectively protect valuable financial data from the ever-growing threat landscape. Taking an approach that combines technical measures, user awareness, incident preparedness, and regulatory compliance is crucial when navigating the digital landscape with confidence and resilience.
APWG. (2022). Phishing Activity Trends Report. https://apwg.org/trendsreports/
BBC News. (2016). Bangladesh bank hackers fail in bid to net $1bn. https://www.bbc.co.uk/news/technology-35773061
Bodepudi, A., Reddy, M., Gutlapalli, S. S., & Mandapuram, M. (2019). Voice Recognition Systems in the Cloud Networks: Has It Reached Its Full Potential?. Asian Journal of Applied Science and Engineering, 8(1), 51–60. https://doi.org/10.18034/ajase.v8i1.12 DOI: https://doi.org/10.18034/ajase.v8i1.12
Bodepudi, A., Reddy, M., Gutlapalli, S. S., & Mandapuram, M. (2021). Algorithm Policy for the Authentication of Indirect Fingerprints Used in Cloud Computing. American Journal of Trade and Policy, 8(3), 231–238. https://doi.org/10.18034/ajtp.v8i3.651 DOI: https://doi.org/10.18034/ajtp.v8i3.651
Capital One. (2019). Capital One Announces Data Security Incident. https://www.prnewswire.com/news-releases/capital-one-announces-data-security-incident-300892738.html
Chang, V., Walters, R. J., & Wills, G. (2018). Cybercrime and accounting information systems: A novel research direction. Journal of Computer Information Systems, 58(4), 334–343. DOI: https://doi.org/10.1080/08874417.2016.1261378
CISCO. (n.d.). What Is a Network Switch? https://www.cisco.com/c/en/us/products/switches/what-is-network-switching.html
Citigroup. (2019.). Cybersecurity: protective measures treasuries should be taking. https://www.citibank.com/tts/solutions/cybersecurity/
Cloudflare. (n.d.). What Is a Web Application Firewall (WAF)? https://developers.cloudflare.com/waf/about/
Deloitte. (n.d.). Cybersecurity and Privacy Awareness. https://www.deloitte.com/global/en/Industries/government-public/perspectives/urban-future-with-a-purpose/cybersecurity-an-privacy-awareness.html
Equifax. (2021). Support Regulatory & Security Compliance. https://www.equifax.com/business/identity-fraud/support-regulatory-security-compliance/
Ernst & Young (EY). (n.d.). Cybersecurity. https://www.ey.com/en_uk/cybersecurity
FORTRA. (2017). NotPetya: Timeline of a Ransomworm. https://www.tripwire.com/state-of-security/notpetya-timeline-of-a-ransomworm
Glazer, E. (2015). J.P. Morgan to Accelerate Timeline for Cybersecurity Spending Boost. The Wall Street Journal. https://www.wsj.com/articles/j-p-morgan-to-accelerate-timeline-for-cybersecurity-spending-boost-1438641746
Gutlapalli, S. S. (2016). Commercial Applications of Blockchain and Distributed Ledger Technology. Engineering International, 4(2), 89–94. https://doi.org/10.18034/ei.v4i2.653 DOI: https://doi.org/10.18034/ei.v4i2.653
Gutlapalli, S. S. (2017). Analysis of Multimodal Data Using Deep Learning and Machine Learning. Asian Journal of Humanity, Art and Literature, 4(2), 171–176. https://doi.org/10.18034/ajhal.v4i2.658 DOI: https://doi.org/10.18034/ajhal.v4i2.658
Gutlapalli, S. S., Mandapuram, M., Reddy, M., & Bodepudi, A. (2019). Evaluation of Hospital Information Systems (HIS) in terms of their Suitability for Tasks. Malaysian Journal of Medical and Biological Research, 6(2), 143–150. https://doi.org/10.18034/mjmbr.v6i2.661 DOI: https://doi.org/10.18034/mjmbr.v6i2.661
Hyde, J. (2016). AICPA Unveils Cybersecurity Risk Management Reporting Framework. AICPA & CIMA. https://www.aicpa-cima.com/news/article/aicpa-unveils-cybersecurity-risk-management-reporting-framework
Jartelius, M. (2020). The 2020 Data Breach Investigations Report–a CSO's perspective. Network Security, 2020(7), 9-12. DOI: https://doi.org/10.1016/S1353-4858(20)30079-9
JPMorgan Chase. Protecting Our Systems and Customer Information. https://www.jpmorgan.com/insights/fraud/fraud-protection/how-to-protect-and-secure-customer-data
Kafi, M. A., & Adnan, T. (2020). Machine Learning in Accounting Research: A Computational Power to Wipe Out the Challenges of Big Data. Asian Accounting and Auditing Advancement, 11(1), 55–70. https://4ajournal.com/article/view/79
Kafi, M. A., & Adnan, T. (2022). Empowering Organizations through IT and IoT in the Pursuit of Business Process Reengineering: The Scenario from the USA and Bangladesh. Asian Business Review, 12(3), 67–80. https://doi.org/10.18034/abr.v12i3.658 DOI: https://doi.org/10.18034/abr.v12i3.658
Le, D. C., & Zincir-Heywood, A. N. (2019). Machine learning-based insider threat modeling and detection. In 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). IEEE. pp. 1-6.
Lika, R. A., Murugiah, D., Brohi, S. N., & Ramasamy, D. (2018). NotPetya: Cyber-attack prevention through awareness via gamification. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-6). IEEE. DOI: https://doi.org/10.1109/ICSCEE.2018.8538431
Mandapuram, M. (2016). Applications of Blockchain and Distributed Ledger Technology (DLT) in Commercial Settings. Asian Accounting and Auditing Advancement, 7(1), 50–57. Retrieved from https://4ajournal.com/article/view/76
Mandapuram, M. (2017). Security Risk Analysis of the Internet of Things: An Early Cautionary Scan. ABC Research Alert, 5(3), 49–55. https://doi.org/10.18034/ra.v5i3.650 DOI: https://doi.org/10.18034/ra.v5i3.650
Mandapuram, M., & Hosen, M. F. (2018). The Object-Oriented Database Management System versus the Relational Database Management System: A Comparison. Global Disclosure of Economics and Business, 7(2), 89–96. https://doi.org/10.18034/gdeb.v7i2.657 DOI: https://doi.org/10.18034/gdeb.v7i2.657
Microsoft. (n.d.). Security at Microsoft. https://www.microsoft.com/en-us/professionalservices/security
National Institute of Standards and Technology. (2018). Guide to Small and Medium Business Cybersecurity. https://www.nist.gov/itl/smallbusinesscyber
Noever, D. (2019). Classifier suites for insider threat detection. arXiv preprint arXiv:1901.10948.
OWASP. (2021). OWASP Top Ten Project. Retrieved from https://owasp.org/Top10/
Ponemon Institute. (2020). Cost of a Data Breach Report. https://www.ponemon.org/
Pritam, N. (2020). Money makes the cyber-crime world go round - Verizon Business 2020 Data Breach Investigations Report. Verizon. https://www.verizon.com/about/news/verizon-2020-data-breach-investigations-report DOI: https://doi.org/10.1016/S1361-3723(20)30059-2
Reddy, M., Bodepudi, A., Mandapuram, M., & Gutlapalli, S. S. (2020). Face Detection and Recognition Techniques through the Cloud Network: An Exploratory Study. ABC Journal of Advanced Research, 9(2), 103–114. https://doi.org/10.18034/abcjar.v9i2.660 DOI: https://doi.org/10.18034/abcjar.v9i2.660
SANS Institute. (n.d.). Security-Awareness. https://sc.edu/about/offices_and_divisions/division_of_information_technology/security/docs/security-awareness-brochure.pdf
Simkins, B. J., Parikh, A., & Isbell, M. (2020). Digital forensics in the accounting classroom: A case for expanding coverage and skills in cybersecurity education. Journal of Forensic Accounting Research, 5(1), 53-71.
Smith, J. (2017). The Equifax Data Breach: Lessons Learned for Financial Institutions. Journal of Financial Security, 42(3), 123–145.
Symantec. (n.d.). Antivirus - Symantec Endpoint Protection (SEP). https://www.alaska.edu/oit/services/software-downloads/licensed-software/antivirus/
US-CERT. (2018). Alert (TA17-132A): Indicators Associated with WannaCry Ransomware. https://www.cisa.gov/news-events/alerts/2017/05/12/indicators-associated-wannacry-ransomware
US-CERT. (2020). Advanced Persistent Threat Activity Exploiting Managed Service Providers. https://www.cisa.gov/news-events/alerts/2018/10/03/advanced-persistent-threat-activity-exploiting-managed-service/
How to Cite
Copyright (c) 2023 Md Abdullahel Kafi, Nazma Akter
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
American Journal of Trade and Policy is an Open Access journal. Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under a CC BY-NC 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of their work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal. We require authors to inform us of any instances of re-publication.