
One Click. $60k Loss.

October 28, 2025
2 min read


A CPA firm nearly sunk.
Why employee training cannot fall by the wayside

In July 2023, employees at Wojeski & Company, an Albany-based CPA firm, arrived at work to find they couldn't access their files. Within hours, they realized the nightmare scenario every accounting firm fears: they were under a ransomware attack. The investigation revealed the cyberattack was probably caused by a phishing email sent to one of their employees.

The Cause: A single click

That single click would ultimately cost the firm $60,000 in regulatory penalties, expose the personal information of over 5,881 clients, and take 16 months to fully resolve. The firm didn't notify clients about the security breach until November 2024—a year and a half after their personal data was originally jeopardized.

The Vulnerability: A single human

Maintaining security in a regulated business can be tedious and breed complacency within CPA firms. Cyber training, which everyone thinks they already "know", can seem time consuming.

More than one employee has tuned out and dozed off thinking,
"I've heard it all before."

And THAT is when vulnerabilities create the greatest risk.

The 2025 Verizon Data Breach Investigations Report reveals that 60% of breaches involve "the human element"—users clicking links, replying to spoofed messages, or mis-sending data.

Know this: a well-crafted phishing email can bypass every security system you have in place. Which means your employees must be on constant alert.

The Penalty: $60k, mitigation expenses, client loss, future client loss

The financial toll to Wojeski extended far beyond the $60,000 penalty. The firm had to provide free credit monitoring to all affected individuals, hire forensic investigators, engage legal counsel, and manage the reputational damage that comes with such a public failure.

Mandatory: Risk prevention

IT compliance takes more than an annual PowerPoint presentation.

  • Mandatory risk prevention strategy

  • Quarterly cybersecurity training sessions

  • Monthly education about current threats

  • Simulated phishing campaigns to test employee awareness

  • Clear incident reporting and procedures

  • Documented proof that regulators can review

Your employees are your last line of defense. A simple employee error, like the one at Wojeski, can be prevented with effective and ongoing training.

An EMPOWERED TEAM has the tools, training and knowledge to be your greatest warriors.

Identify gaps and be ready for your next audit and attack.

DOWNLOAD the IT Compliance Checklist for CPAs
Be Empowered and Prepared

Nerdworks Services, LLC secures your CPA firm.
From managing IT systems to cyber-security, and cyber-policy consulting to cyber-security training for all employees, we help you FOCUS on your business.

Nerdworks Services, LLC
1901 Central Drive S. Suite 401
Bedford, Texas 76021

Nerdworks.services

682-324-9360
