January 3, 2020

Pre-Tax Season Cybersecurity Checklist for CPA Firms

For CPA firms, the start of 2020 is more than just the advent of a new year, it’s also the beginning of tax season. As your firm looks ahead to 2020, it’s an important time to assess the successes, challenges, strengths and weaknesses that emerged over the course of 2019.

One of the most important assessments your CPA firm can conduct is the state of your cybersecurity policies, technologies and plans. 

The question is not if your firm will be targeted; the question is when. 

CPA firms of all sizes need to operate under the assumption they will be targeted by bad actors and be prepared to identify a breach, quickly respond to an attack and have a plan in place to recover.

This is the reality of a financial industry that has what hackers want: sensitive data that can be held for ransom or leveraged for financial gain. As tax season approaches—a prime time for cyberattacks and the worst possible time to experience one—is your CPA firm prepared?

To help you explore this question, Cetrom has pulled together the following cybersecurity checklist for your CPA firm to add to its New Year resolution list as it heads into tax season.

Develop a Disaster Recovery Plan

The first step to stronger data security is simply accepting that a cyberattack is coming sooner or later. Once your IT team and you accept this reality, developing a disaster response and recovery plan is a no-brainer. Here are a few tips for building an effective plan:

  • Assess your response plan as it currently stands, identifying strengths and weaknesses
  • Create a disaster response and recovery team comprised of staff members from IT and all other departments
  • Develop, document, and communicate the final plan to all employees
  • Create standing re-evaluation periods where the plan can be adjusted, updated, and improved
  • Practice, practice, practice. Run mock attacks and breaches periodically to test your team

The bottom line: Your CPA firm will get hit. How fast and how well you respond is directly correlated to the damage that will be done to your bottom line and brand reputation. 

Train Your Team to Defend Your Data

Your staff represents one of the gravest cybersecurity risks out there; it is also possibly the most difficult risk to mitigate. Human error, ignorance to possible threats and poorly communicated internal protocols can very easily lead to network breaches. The most effective solution: constant education and training of your staff. Training should be an ongoing professional development requirement that will reinforce company-wide security policies like the following:

  • Clear, enforced password rules. Don’t allow your staff the freedom to create simple passwords that they never change. Implement clear password requirements and designate password change deadlines that are appropriate for your industry.
  • Restricting access and permissions. Employees should only have the keys to what they need to perform their job.
  • Make sure all devices are protected. Cybersecurity should not just focus on an employee laptop—phones, tablets, and any other device used in doing company business must be protected.
  • Require multistep identity verification. This means that staff cannot always access data using only their username and password. A text or email verification could be required for full access.
  • Document your policy and enforce it. Your cybersecurity protocols and processes need to be written down and signed for accountability. As threats and technology change, your document needs to evolve and your team needs to get retrained. Have your team sign the document and hold them accountable.

Integrate Artificial Intelligence (AI)

AI is a valuable tool for thwarting cyberattacks, be they malware, ransomware or a solo hacker. It’s an established fact that human monitoring of any given IT network is doomed to failure. AI can be a great weapon against cybersecurity attacks.

  • Earlier Breach Detection. AI’s always-on, always-scanning nature not only can reduce vulnerabilities, it also can increase attack response times by allowing your IT team to focus on response rather than everything all at once, including detection. In that way, AI enhances your cybersecurity program both in detection and response. 
  • Email Scanning. Having automated, AI-led email monitoring is really the only effective approach to mitigating the biggest cybersecurity risk of all: your staff.
  • AI Is Better Than Antivirus Software. Antivirus tools are always lagging behind the pace of existing malware threats. AI can detect anomalies and unusual program behaviors as they happen, so there is no gap for malware of hackers to exploit between signature detection and distribution.

Bulk Up Your Backup Processes

Finally, you must have a regimented, sophisticated, and repeatable backup process for your data. 

  • Multiple backups need to be conducted daily
  • You need to use various methods to backup your data to create redundancies; these could include cloud backups, hard drive backups, or other methods
  • The key is that these backups must live outside of your network and some should live beyond your physical office space to mitigate the risk of natural disasters, fires, or break-ins

Use this checklist to orient your 2020 cybersecurity planning and budgeting. CPA firms can no longer afford to push off or ignore investing in more robust data security technology, services, processes and protocols.

If you have any questions or would like expert advice on how to transform your security infrastructure, Cetrom is ready to help. Reach out to us today.

Cybersecurity Guidelines for the CPA C-Suite

Cyberattacks are happening more frequently and with increasing sophistication. In order to counteract this threat, c-suite executives must prepare..
May 18,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Cybersecurity Guidelines for the CPA C-Suite

Cyberattacks are happening more frequently and with increasing sophistication. In order to counteract this threat, c-suite executives must prepare..
May 18,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?