The accounting industry faces a significant staffing crisis, impacting firms of all sizes. Although we are a cybersecurity company in the accounting space, we have still noticed how this has negatively impacted the firms we work with.  

Within this article we will look at how the impact of the staffing shortage is getting accountants to change the way they work, and more importantly how it is negatively impacting their cybersecurity.  

Understanding the Staffing Crisis 

The accounting industry is grappling with a severe staffing shortage. In fact, Forbes suggests we are already 340,000 accountants short with that only to grow in 2024 and beyond. But what’s causing this crisis? Several key factors contribute to this ongoing issue: 

1. An Aging Workforce 

Many experienced accountants are approaching retirement, leaving a gap that isn’t being filled quickly enough by new entrants into the field. This demographic shift is creating a void in both expertise and numbers. In fact, last year the AICPA reported that roughly 75% of current public accounting CPA’s will be retiring in the next 15 years. This is going to leave a large gap as not enough CPA candidates are taking, and passing the CPA exams 

2. Evolving Industry Demands 

The accounting profession is not what it used to be. This is where the need to constantly upskill, cross-skill and embrace new technology is key to being able to keep up with the evolving demands of accountants. The role of the accountant 20 years ago was very different from what it is today.  

3. Declining Interest Among Graduates 

Fewer graduates are entering the accounting field. As we mentioned in this article earlier there are not enough people becoming accountants to replace those retiring from industry. Instead, it is believed younger people are opting for different careers.   

4. High Turnover Rates 

Employee turnover is higher in the accounting industry than most other professional industries, averaging 15% compared to 10%. With a higher-than-average turnover this only increases the pressure that accounting firms are experiencing when it comes to the staffing crisis. 

How is the staffing crisis affecting the cybersecurity of these firms?  

Many people would not draw the correlation between the topic of staffing shortages and cybersecurity risks – after all it is not that obvious.  

Sourcing talent means going remote or global  

When you are unable to locate staff in your location, but desperately need the talent, often the decision firms are faced with, go remote in their country, or even consider going global with their workforce.  

In fact, many accounting firms are embracing this change with the number of available remote accounting roles increasing from 8% in 2019 to almost 20% in 2023.  

Even here at Practice Protect we have noticed an increase in the number of firms we work with employing remote or even offshore staff members to help staff and run their firm. It is clear to us accounting firms globally will continue to utilize remote and offshore staff members to fill the staffing gap.  

Why does this raise a cybersecurity issue? 

That is a question many firms may be asking themselves, when looking at remote or offshore team members. But, by expanding your reach from a single office to multiple locations significantly increases risk around cybersecurity.  

Concerns around application access location  

Because instead of locking all systems down to a single location, you are opening your cloud network to many more IP addresses and locations, which criminals can take advantage of.  

It is integral when choosing to hire remote, or global, you ensure that you are also investing in the technology that allows you to lock down access to specific locations across all your firms’ applications. This is an important security protocol, because if someone attempts to breach any of the software of your firm, they are instantly denied access as they are not logging in from a “safe” location i.e. the location where your staff work. This also provides additional peace of mind for your clients as they know their applications are not being accessed anywhere on the globe, but from approved locations.  

Access and permissions  

We all like to imagine nothing can go wrong, but it is not a fact you can count on. In a more traditional firm, generally staff, if they want to, can access almost all clients and their applications. In a remote environment this poses much more of a risk as you don’t have control of a desktop in an office, although this is a risk even in an office. 

When it comes to managing your firm, it is best practice to only give staff access to the accounting and application of clients they personally work on.  By doing this, you can be sure of who has access, and who, if there is a breach from an outside party you need to reset and investigate for other breaches – this saves you from having to do it across your entire staffing base.  

Cybersecurity and remote work  

Remote work is a very viable solution to overcoming the staffing shortage in the accounting profession. However, when bringing in or considering remote workers in your firm you also need to take a security-conscious mindset to this change.  

It does not have to be a big investment on your part and doesn’t require you to bring IT in house, in fact there are cybersecurity providers who can completely manage this process and your security on your behalf – all you must do is reach out.