October 30, 2019

How to Keep Your CPA Firm Protected from a Cyberattack

The cyber threat environment changes every day and is a real concern for businesses large, small, and in between. You might be saying to yourself, “We’re too small and under-the-radar to get hit.” Well, unfortunately, that’s not the case; if you operate online and your employees use the Internet (which is every business), cyberattacks are a real and ever-present threat.

Did you know:

  • There is no real way to protect your business from Ransomware.
  • 22+ companies are being hit by crypto viruses every day.
  • Email is the No. 1 culprit of a cyberattack. It only takes one person to activate a virus.
  • Viruses are getting more sophisticated every day.
  • If you don’t have a strong disaster recovery plan in place, you’re planning to fail.

The cyber threat matrix is complex and consistently difficult to combat. The bottom line is you need a comprehensive security plan that addresses intricate technological issues and possibly the biggest threat of all — human error.

Everything is not doom and gloom; there are some practical steps to keep your CPA firm safer more consistently. At Cetrom, we’re here to help you stay safe, secure, and operating smoothly.

Here are a few practical steps to enhance your cybersecurity program.

Adopt a Three-Pronged Approach
Your approach to cybersecurity cannot be piecemeal; it must be comprehensive and consistently executed, monitored, and adjusted, which can be a tough task for IT teams stuck in “break-and-fix mode.”

We recommend a three-pronged overall approach to improving cybersecurity:

  1. Back-Up. You need to focus on building a multi-faceted backup protocol, possibly including onsite backup storage, cloud storage, and even geographically dispersed backups stored in highly secure data centers.
  2. Secure. Assess or hire a third-party IT expert to assess your network’s weaknesses. Then, acquire the necessary technology, software, and tools to plug gaps and strengthen identified vulnerabilities. Securing your network also includes developing a detailed disaster recovery plan should you get hit; the faster you’re able to recover the less damage will be done to your CPA firm and its brand.
  3. Educate. Your entire staff must be educated on digital security best practices; initial training must then be followed up by more training and a commitment to continually improving the cybersecurity knowledge of your entire team, not just your designated IT experts.

Let’s take a deeper dive into each of these three facets of stronger cybersecurity for CPA firms.

Cybersecurity Education
Your staff represents one of the gravest cybersecurity risks out there; it is also possibly the most difficult to prevent. Human error, ignorance to possible threats, and poorly communicated internal protocols can very easily lead to network breaches.

The most effective solution: Constant education and training of your staff.

Your small IT team, or one IT person, can’t do this alone. Every employee needs to take ownership of the role they play in keeping your CPA firm’s data and information safe. The most sophisticated and expensive software in the world can’t stop a single employee from opening a phishing email that lets the bad guys in.

A cybersecurity educated and trained workforce is your best line of defense against security breaches. Training should be an ongoing professional development requirement that will reinforce company-wide security policies like the following:

  • Clear, enforced password rules. Don’t allow your staff the freedom to create simple passwords that they never change. Implement clear password requirements and designate password change deadlines that are appropriate for your industry.
  • Restricting access and permissions. Employees should only have the keys to what they need to perform their job.
  • Make sure all devices are protected. Cybersecurity should not just focus on an employee laptop — phones, tablets, and any other device doing company business must be protected.
  • Require multi-step identity verification. This means that staff cannot always access data using only their username and password. A text or email verification could be required for full access.
  • Document your policy and enforce it. Your cybersecurity protocols and processes need to be written down and signed-off on. As threats and technology change, your document needs to evolve and your team needs to get retrained. Have your team sign the document and hold them accountable.

Other Important Ways to Secure Your CPA Firm’s Data
Setting aside the human factor, let’s take a look at ways your CPA’s IT team can leverage technology to bulk up your cybersecurity infrastructure.

Deploy Artificial Intelligence
AI is a valuable tool for thwarting cyberattacks, be they malware, ransomware, or a solo hacker. It’s an established fact that human monitoring of any given IT network is doomed to failure: The global reach, non-stop change, and supersonic speed of the cybersecurity threat ecosystem is far too much for any one IT person — or even a sizable team — to handle alone. AI, when deployed by an experienced IT-managed services partner like Cetrom, can be a great weapon against security breaches.

  • Earlier Breach Detection. Much of detection work is rote, mundane work that’s less than ideal for people and a perfect fit for AI, which never gets bored, or tired, or careless. AI is a logical solution for improving the speed and accuracy of breach detection. AI’s always-on, always-scanning nature not only can reduce vulnerabilities, it also can increase attack response times by allowing your IT team to focus on response rather than everything all at once, including detection. In that way, AI enhances your cybersecurity program both in detection and response.
  • Email Scanning. The sheer volume of email activity at a company of any size makes manual, human-led monitoring very difficult, if not impossible. Having automated, AI-led email monitoring is really the only effective approach to mitigating the biggest cybersecurity risk of all: your staff.
  • AI Is Better Than Antivirus Software. Antivirus tools are always lagging behind the pace of existing malware threats. AI can detect threats without the lag as it doesn’t depend on signature updates. AI will look at anomalies and unusual program behaviors as they happen, so there is no gap for malware of hackers to exploit between signature detection and distribution.

Leverage the Cloud’s Enhanced IT Security Features
Moving to a cloud-hosted system has its security advantages, particularly when this move is coupled with a partnership with an experienced IT-managed services partner. What you get by combining a cloud-hosted system with this partnership can be invaluable to your cybersecurity effectiveness. You should get:

  • Access to top-notch security measures to protect your data from hackers (firewalls, anti-spam/anti-virus, endpoint protection platforms, two-step authentication, etc.)
  • Proactive monitoring of all hardware and software systems 24/7/365
  • Access to the best hardware and software available in the market
  • A dedicated team of engineers experienced with combating cyber threats

Develop a Disaster Recovery Plan
This last tip for better cybersecurity is not AI or tech-based. It’s really about being proactive and planning in advance for the worst case scenario. The first step is simply accepting that a cyberattack is coming sooner or later. Once you and your IT team accept this reality, developing a disaster response and recovery plan is a no brainer. Here are a few tips for building an effective plan:

  • Assess your response plan as it currently stands, identifying strengths and weaknesses
  • Create a disaster response and recovery team comprised of staff members from IT and all other departments
  • Develop, document, and communicate the final plan to all employees
  • Create standing re-evaluation periods where the plan can be adjusted, updated, and improved
  • Practice, practice, practice. Run mock attacks and breaches periodically to test your team

The bottom line: Your CPA firm will get hit. How fast and how well you respond is directly correlated to the damage that will be done to your bottom line and brand reputation.

Bulk Up Your Backup Processes
Finally, you must have a regimented, sophisticated, and repeatable backup process for your data.

  • Multiple backups need to be conducted daily
  • You need to use various methods to backup your data to create redundancies; these could include cloud backups, hard drive backups, or other methods
  • The key is that these backups must live outside of your network and some should live beyond your physical office space to mitigate the risk of natural disasters, fires, or break-ins

You can even store your data and backups in geographically dispersed, disaster-proof, and highly secured locations offsite. For example, Cetrom clients enjoy the peace of mind that comes with their data being securely stored in our two Cloud data centers in Virginia and Colorado that are geographically dispersed for automatic failover protection and remote backups, ensuring their data is protected. Both facilities are SSAE 16 compliant (formerly the SAS70 standard) and SOC 2 compliant for top-tier security measures.

Finally, our last piece of advice when it comes to cybersecurity: Don’t go at it alone.

The investment in a partnership with a Cloud and managed-IT services provider frees your non-IT employees from the burden of tasks not in their area of expertise, and it also alleviates “break-and-fix” pressure on your IT team. Both your unofficial IT person and your official IT staff can move beyond immediate issues to focus on their actual job and longer-term strategic IT issues, respectively.

Plus, partnering with a third-party IT management company simply gives you better security with tier-3 engineers on 24/7/365 watch over your network. For more information on how Cetrom can help protect your CPA firm from impending cyberattacks, click on the button below:

Why Cetrom?

Citrix vs. RDP: An Honest Comparison

Citrix and RDP Both Rely on Virtualization: What Is It? Before discussing the differences between Citrix Xen and Remote Desktop Protocol (RDP),..
November 19,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Citrix vs. RDP: An Honest Comparison

Citrix and RDP Both Rely on Virtualization: What Is It? Before discussing the differences between Citrix Xen and Remote Desktop Protocol (RDP),..
November 19,2021

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?