July 27, 2019

How To Keep Your CPA Firm’s Data Safe In The Era of Digital Security Breaches

cpa data security

It seems like every day we learn of another data security breach involving some of the largest and most powerful companies in the world. Unfortunately, no one is immune to a virus, as we can attest to from our recent experience.

Smaller businesses (when compared to giants like Wells Fargo, Target, and Equifax) are being targeted by hackers and malicious programs more and more frequently.

  • 43% of cyber attacks target small businesses. (Small Business Trends)
  • It takes an average of 191 days or a little over six months for a company to detect a breach. (Tech Beacon)
  • According to the National Cyber Security Alliance, 60% of small businesses that experience a cyber breach close within six months. (Inc.)

Now, if you’re thinking to yourself, those small businesses must have been really small and not had an IT department. Well, that’s actually not the case. The data listed above applies to businesses with only a handful of employees to around 100. The point is, your CPA firm, whether it’s nine employees or a few hundred, needs an experienced IT team to take the necessary steps to protect customer and company data.

According to Thomson-Reuters, “Small companies are becoming more of a target because criminals know large firms are devoting more resources to cybersecurity,” says Eric McMillen, an information security consultant...who works with the financial services industry. “A common argument I hear is, ‘I’m just a nine-person accounting firm. Why should anyone want to go after me?’ Well, you probably have 1,000 or more pieces of client data that a criminal can use.”

So, what steps do you need to take to better protect your CPA firm’s data and your clients?

Conduct a System Assessment

IT infrastructure and behavior assessments need to be ongoing. Conducting an assessment at a single point in time and not reassessing at regular intervals is a recipe for disaster.

In order to understand where your CPA firm might be vulnerable, you need to have a deep understanding of your hardware, software, and your staff behaviors first.

When your CPA firm has other priorities--like taking care of its clients during the craziness of tax season--assessments can fall by the wayside. Be thoughtful about when you conduct your assessments by scheduling them during less busy parts of the year, so your IT team and core working group can focus on triaging your cybersecurity protections with minimal distractions.   

Train Your Team

Cybersecurity is not just IT’s responsibility.  All of your employees need to take ownership of data protection. The latest and greatest software in the world can’t stop a single employee from opening a phishing email that gets the bad guys into your system.

A cybersecurity educated and trained workforce is your best line of defense against security breaches. Training should be an ongoing professional development requirement that will reinforce company-wide security policies like the following:

  • Clear, enforced password rules. Don’t allow your staff the freedom to create simple passwords that they never change. Implement clear password requirements and designate password change deadlines that are appropriate for your industry.
  • Restricting access and permissions. Employees should only have the keys to what they need to perform their job.
  • Make sure all devices are protected. Cybersecurity should not just focus on an employee laptop--phones, tablets, and any other device doing company business must be protected.
  • Require multi-factor identity verification. This means that staff cannot always access data using only their username and password. A text or email verification could be required for full access.
  • Document your policy and enforce it. Your cybersecurity protocols and processes need to be written down and signed off on. As threats and technology change, your document needs to evolve and your team needs to get retrained. Have your team sign the document and hold them accountable.

Get Help

Smaller and midsize CPA firms often have no dedicated IT staff or only a few employees that are stuck in “break and fix mode.” Many cybersecurity strategic needs get discussed, but few, if any, actually get completed.

This isn’t anyone’s fault. It's typically caused by a lack of human capital and resources. That said, if you consider the damage a successful hack can have on your reputation and on your clients’ lives, investing in outside IT and cybersecurity expertise is really a no brainer.

The investment in a partnership with a cloud and managed IT services provider frees your non-IT employees from the burden of tasks not in their area of expertise, and it also alleviates “break and fix” pressure on your IT team. Both your unofficial IT person and your official IT staff can move beyond immediate issues to focus on their actual job and longer-term strategic IT issues, respectively.

Your managed IT service partner will provide 24/7/365 system monitoring, automatic software updates, patch management, and overall system management. At Cetrom, we take a three-pronged approach to protecting your CPA firm’s most important data:

  • Physical Security. We secure our two cloud data centers with armed guards, biometrics, pre-approved clearance, restricted access, and more.
  • Logical Security. To protect your network, we utilize enterprise-level firewalls, multi-layered virus and spam protection, intrusion prevention, daily backups, encryption, two-factor authentication for sign-on access, and user-defined permissions. We also pioneered a unique hybrid cloud option, which adds on-site server backup for added redundancy and peace of mind.
  • Methodological Security. This level of security considers the “human factor”, such as confirming that every manual process is approved by multiple cleared users. Errors or hacks can occur at any level, but it is the methodological level that can cause the most issues, which is why we follow strict industry security best practices.

What’s more, all of our support team members are certified tier-3 level engineers that are available every day, all year to help your IT team solve pressing problems.

The cyber threat environment is real and changes in the blink of an eye for corporate behemoths and small to midsize businesses alike. The threat is real and ever-present as is the real damage malware or a data breach can cause your business.

Remember, like most complex challenges there is no one solution to protecting your CPA firm from a cyber attack.

It will take a combination of your team’s dedication, the proper utilization of the right software and hardware, and the assistance of external experts to provide the on-all-the-time coverage every business needs to counter today’s threat matrix.

CPA Firm’s Guide to Choosing a Cloud Provider

Why Are CPA Firms Opting for Cloud Providers? CPA firms continue to shift toward using cloud providers for their IT needs. The number of firms ..
July 22,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

CPA Firm’s Guide to Choosing a Cloud Provider

Why Are CPA Firms Opting for Cloud Providers? CPA firms continue to shift toward using cloud providers for their IT needs. The number of firms ..
July 22,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?