By Abigail Draper, OSCPA communication & engagement manager
Bober Markey Fedorovich recently started a cybersecurity practice to help clients prevent cyberattacks. Chad Voller, managing director of the Cyber Technology Group, said it is a “natural fit” for accounting firms to move into the cyber technology sector.
“When you look at what accounting firms do, we are trusted business advisors already for our clients,” Voller said. “And because of the 24-hour news cycle, people have seen news stories pop up almost daily about somebody else getting compromised. So, our ability to advise in that capacity is important.”
He said a lot of accounting firms will try to start cybersecurity practices without being properly equipped, but Voller has twelve years of IT management experience, a few years in IT consulting and all the necessary certifications, so it “just made sense.”
The firm had the correct staff and resources for the endeavor, Voller said, so this was a great opportunity to sell relevant services to customers they are already familiar with to further secure their businesses.
Voller said they are mainly focusing on assessment, training and advisory services. “We don't run a traditional model. A lot of other folks are doing assessments, but they're not placing emphasis and resources on the front end of the security assessments piece, whereas, with the Cyber Technology Group, this is where we're bringing value. And this is what we're really good at.”
If you are a CPA firm looking to branch out into cybersecurity or another niche service, Voller says you must do your market research and know your client base. “You cannot just rely on training that comes from the accounting industry, you have to get technically qualified folks who also know how to think about the business and not just the technology.”
He said you either need to train employees you already have or acquire people who know the business you are entering.
In terms of protecting yourself and your company from cyberattacks, Voller says most issues trace back to a lack of time, talent and training.
“Most of the data breaches that happen today happen because of really basic stuff,” he said. Many of these still happen when someone clicks an unfamiliar link in an email. Employees need to be trained on how to avoid things like this, Voller said, but companies also need to hire people who have technical skills to perform tasks like “threat hunting” and “threat modeling.”
He said one of the easiest things we can do to be more secure is think before we click. “I think speed is a recipe for disaster when it comes to being good at cybersecurity. We all need to slow down a little bit.”