CPA firms are both data collectors and data overseers, and they rely on numerous forms of technology to accumulate and distribute data. From tax preparations to audit documents, CPA firms are responsible for countless pieces of information for both their customers and their firms. This makes them doubly at risk for cybercrimes. And no business, even a CPA firm, is safe from cyberattacks.
Over
Should a firm’s data security be breached, clients’ personal information could be compromised, negatively impacting the firm’s reputation. It’s important for all accounting firms, big and small, to understand the appropriate ways to keep themselves safe against cyber threats.
Here are three ways an accounting firm can bolster its security and safeguard its reputation.
1. Avoid open access and implement controls.
Sensitive data such as check registers, balance spreadsheets, valuation analyses, legal documents and private employee records should not be accessible to every member of the firm. A firm should have controls in place that determine who can access, share, and edit documents. A receptionist may not need the same level of access as an executive, and it’s imperative that the correct permissions are in place to prevent unauthorized access to sensitive files. In addition, controls should be updated regularly. Staff members may change roles within the organization or require only temporary admittance to files, so such changes should be tracked and adjusted accordingly.
2. Back up and encrypt data.
Every CPA firm should back up its important data to avoid a data loss incident. If possible, your firm should store copies of its data offsite, preferably out of state or in a region that would remain unaffected if a natural disaster were to occur. However, data back-up is not enough to protect your firm’s sensitive information. Encryption of data at rest and in transit is necessary to ensure hackers are deterred from unauthorized access to your organization’s valuable records. Firms should implement
3. Build defenses.
Protecting data requires firms to have
Physical safeguards with security measures to control access to files or the device storing the files are necessary. Firms should maintain
Other, yet sometimes overlooked, measures include making sure visitors are accompanied in an area where confidential electronic files are stored, securing workstations with complex passwords, and restricting employee access to server rooms where valuable files are stored.
Technical safeguards should also be incorporated on hardware and software used throughout a firm. By implementing access controls specific to the role of the employee viewing and sharing the information, managers can easily monitor and restrict access to information. By performing internal audits and installing antivirus, antispam, malware and intrusion detection software, managers can measure how the firm’s security defenses could potentially be compromised. They can also verify that all software is active and has not been turned off by the end user.
For the next three tips, view the
Bryan Gregory is the president of