Whether you are a CPA firm assessing your current IT services provider or on the hunt for a new one, effective due diligence is essential to making the right decision to stay with who you have or move on to a new collaboration.
Asking your IT or cloud services provider the right questions is critical to the screening process. To ask the right questions, your company needs to blend self-awareness of its current and future IT needs with an understanding of what IT capabilities exist and what best practices are available in the current IT managed services marketplace.
At Cetrom, we are at the leading edge of IT capability and best practice; we’ve also worked with a host of CPA firms to develop IT infrastructure, integrate cloud capabilities, enhance security and respond to IT emergencies. We’ve been around the block and then some. From these experiences we’ve created a short cheat sheet of the top five questions you must ask your current or prospective IT services partner.
What is your data storage and access strategy?
Experienced IT services and cloud hosting providers understand that having multiple data backup methodologies and locations is imperative to protecting their clients’ information.
Deploying a diverse, layered backup approach to data protection — including guarantees from the cloud provider that your data will be backed up daily — is most effective in mitigating a wide range of risk factors, including natural disasters, fires, theft, cyberattack, and disruptions due to public health emergencies like COVID-19.
Your cloud hosting partner should be able to speak directly to their multiple data backup methodologies, why they work and how they protect your CPA firm’s data. Saving data on multiple hard drives in various locations and protecting data in secure, geographically dispersed data centers are a few of the many approaches that work to prevent data loss.
For example, at Cetrom we have offsite data backup facilities in Virginia and Colorado, each of which deploys the best security technology and techniques in the industry. Geographically dispersed data centers eliminate the risk of a single network point of failure in the event of a cyberattack, natural disaster, or some other unforeseen circumstance.
We also perform two daily backups using two methodologies that are disconnected from the network. Additionally, replication of client data is performed from the data center to the client’s site for maximum security. Further, we leverage Amazon Web Services for a third backup method.
Minimal redundancy and just a few layers of backups won’t cut it in today’s IT world. Find a partner that understands redundancy and backup best practices and can apply them to your specific company and industry.
Can our team visit your data centers?
You wouldn’t buy a house sight unseen, right? Ask your potential cloud hosting partner if you and your team can visit their data centers. Ask for a tour. Many companies don’t realize they can visit the place where their most sensitive data will be protected.
Now, COVID-19 regulations might prevent an onsite data center visit in the near term, but as the pandemic recedes this is a key ask of any current or potential IT service provider.
In short, don’t take a potential hosting partner’s “word for it.” Have them give you a tour and be prepared to ask informed questions.
- Ask about their security compliance certifications like SSAE 16 and SOC 2
- Do they have fire suppression systems and biometric scanning?
- Is the center under 24-hour manned security and camera surveillance?
- What is their backup generator situation?
- Who has access to the data center?
These offsite data centers will become the lifeline for your CPA firm. You have every right to ask a potential cloud provider these questions and you should. Don’t buy that house without a tour and careful inspection.
What is your data security philosophy and what tools do you deploy to keep your clients’ data protected?
Cybersecurity and data protection are top priorities for CPA firms regardless of size. The frequency and sophistication of cyberattacks, and a range of targets that runs from corporate behemoths to emerging and small companies, mean your CPA firm is in the crosshairs, whether you believe it or not. All it takes is one data breach to cause major problems for your firm.
That’s why it’s critical the cloud service provider you hire is on the cutting edge of security and can provide support 24/7/365 to your organization.
It’s widely known that cybersecurity technology alone cannot make your data secure. Team members represent a tremendous security threat. From convincing email phishing schemes and lost computers to the personal use of phones and human error, your internal team is a well-documented source of risk. Ask your potential cloud partner how they can help you train your team members to utilize data security best practices in their day-to-day routines.
What’s more, make sure that your cloud partner has experience developing and executing disaster recovery plans. This should include proactive security measures, employee training sessions, and possibly even mock security breach drills. It’s proven that the longer the recovery process takes, the more damaging a cyberattack will be.
At Cetrom, we understand in a deep way the myriad threats faced by companies today. After all, we are a company as well; we have invested extra time in developing our data security strategy and reinvested significant dollars in augmenting our cybersecurity toolbox. Our data security tools and approaches include:
- Verified & Tested Disaster Recovery Plan. Cetrom performs monthly disaster recovery plan drills to ensure quick response times. We work with clients to help build their own business continuity plan so that, in the event of an unexpected outage, they can continue working.
- Multiple AI-based Security Products. We install multiple AI-based products built to stop breaches. This AI software learns the user’s habits and daily activities so that it can identify when an anomaly may be present within a user’s environment.
- Anti-spam/Antivirus Prevention & Detection. Reportedly, 90 percent of cyberattacks occur via email. Anti-spam/Antivirus prevention and detection is another method Cetrom uses to help protect client data online, especially when working in email.
- Deploy Intrusion Detection & Prevention Systems. Cetrom actively monitors network or system activities for malicious activities or policy violations and reviews these reports in order to gain visibility into existing weak entry points to help avoid possible breaches in the future.
This is in addition to the multiple data backup protocols and locations mentioned above. The response to your CPA firm’s question about an IT service provider’s data security approach should be clear, unequivocal and confident; any hedging or ambiguity in their response should provide reason enough to move on to another potential partner.
What applications do you work with and what’s your team’s level of expertise using these applications?
The CPA industry has specific information technology needs. During the interview process, make sure you ask if a cloud service provider has worked in your space before. Also ask them who they worked with and for how long, and what CPA-specific applications they have expertise in.
If the people behind the technology don’t understand your industry or the applications used by it, their capability to help efficiently align cloud services with your organizational goals will be seriously compromised. At best, the learning curve will elongate the migration process and might slow reaction time once engaged; at worst, a cloud provider unfamiliar with your industry and the IT tools it uses could put your company at serious risk from a cybersecurity and compliance standpoint.
Here at Cetrom our engineers are all Tier-3 certified; they are available to our clients 24/7/365 and hold expertise in a wide array of applications useful to the CPA industry. Our engineers are experts in popular accounting applications like CCH, Thomson Reuters, Lacerte Tax, Intuit, CaseWare and Sage. You can view all of the CPA-focused applications we work with here.
For over 15 years now, we have built upon our expertise in hosting a broad spectrum of specialized, industry-specific and custom applications that our customers rely on. Cetrom not only hosts your applications in our secure cloud data centers, but also makes them work well to ensure you have uninterrupted day-to-day operations.
In short, your CPA firm needs to uncover if your current or prospective IT solutions provider understands your industry and is well-versed in the IT tools it uses to get quality work done.
When is it appropriate, in your opinion, to push back against a client’s directive and why?
Ultimately, your CPA firm wants to partner with a strategic IT service provider that is invested in your success. In other words, your chosen partner needs to be willing to go beyond fixing what’s broken and taking orders from your CPA firm’s IT lead or team.
Today’s IT ecosystem, which exists in a complex regulatory environment and an ever-shifting cybersecurity threat matrix, requires a true partnership that expects push back and true collaboration, and is grounded in deep trust and achieving mutual success. It requires an IT partner that will dive in headlong when an emergency strikes, as if the threat were to them. Your CPA firm wants an IT partner that takes ownership and is accountable.
In many ways this question delves into an IT services firm’s culture and values. Their response will give you a feel for how a possible partner operates and if their value system aligns with your organization’s “why.” Technological capability is a big driver, for sure, but having effective communication and being able to work with your partner, particularly in times of high stress or even crisis, is a very important, if often overlooked, area of due diligence.
At Cetrom, our service standards don’t stop at application hosting, or just managing your cloud environment. As opposed to a traditional break/fix IT model, our support team proactively monitors all devices, hardware, and systems to create top-tier system efficiency and keep your cloud-based systems and your premise-based assets up and running, always.
And when a crisis hits, our team will identify it early and will leverage the full force of our capabilities to protect your IT infrastructure, its precious data, and the brand reputation you’ve worked so hard to build.