Cybersecurity for CPAs: Don't stop adapting

There are accounting firms with mediocre cybersecurity, able to repel casual probes but helpless against dedicated adversaries. There are accounting firms with poor cybersecurity, where all but the most obvious attacks go undetected. And then there are the firms with virtually none at all. In this month's Cybersecurity for CPAs, we examine one such Illinois-based firm. 

It was a small firm, just three people, and had been operating since the 1980s. Despite its small size, it offered a wide variety of services, including tax prep, financial consulting, insurance and annuity guidance, and retirement planning, all of which tend to involve handling sensitive financial information. This information was stored not in a secure server somewhere, but instead on a single computer sitting in the office. An old one at that. While something like this may have been OK in the 1980s, when people were still getting used to the novelty of the fax machine, for the 21st century it was a dangerous setup, especially considering the sheer amount of client information held on the device. 

There was so much data that the firm's portal provider, complicating matters further, simply could not maintain the level of protection required for that amount of information. There were other issues, like lack of communication and support, that exacerbated the situation even more. The firm couldn't even cite budgetary reasons for keeping this provider around: the software was actually quite expensive. 

It was a picture of a firm that stayed right where it was while technology moved on around it, meaning the clients were becoming more vulnerable by the year. With such a paper thin defense, it likely would not be difficult for malicious actors to swoop in and steal the data for whatever nefarious reasons they had.

Luckily for the firm, this did not happen. A new employee who, despite having not previously worked in IT, immediately noticed the problem and quickly set about migrating the data to a secure cloud company with far more cybersecurity resources to protect this valuable information, paired with further training and software to bolster the firm's defenses. 

This real life tale was brought to you by accounting-focused cloud services provider Rightworks, which offers cybersecurity solutions among its many service and product offerings. The story emphasizes that cybersecurity is not a set and forget kind of thing, but something that must be actively maintained and updated. Cybercriminals are always evolving, and so too must the defenses against them.