The Woodard Report

October is Cybersecurity Awareness Month: 5 Steps to Evaluate Your Firm’s Security

Written by Tim Sines | Oct 16, 2024 1:02:48 PM

Most of us have been using the internet long enough to inherently know that we need to be taking cybersecurity seriously. Some of the largest, most successful companies in the entire world have fallen victim to cybersecurity attacks, from Target to eBay to Marriott. Earlier this year, a massive data breach impacting over 20 different brands including X, LinkedIn, Adobe, and others saw around 26 billion sensitive records leaked.

And while you may not have millions of users whose sensitive data you’re tasked with safeguarding, as an accounting firm you do have a responsibility to protect your clients’ data. Even the smallest organizations should be aware of security vulnerabilities. Studies indicate around 43% of all cybersecurity attacks are carried out against small businesses, which are often more vulnerable to these attacks than larger organizations with more resources to devote to IT security.

In this article, we’ll be sharing the most important steps for keeping your accounting firm safe from online attackers – this month and beyond.

Divide your checklist into different types of security

Thanks to the prevalence of the internet, mobile devices, and apps, “cybersecurity” has become a term that’s so broad it’s tough to give it a specific meaning – similar to an idea like “diet” in the world of health and nutrition. To get started with the process of auditing your cybersecurity, we recommend dividing up the broader idea into the following categories:

  • Physical security - this includes the way you and your firm take care of devices like smartphones, USB drives, tablets and other tools. If you have an office location, it also pertains to security measures like locks, access cards and entry codes.
  • Password hygiene - in 2024, statistics show the average internet user has 100 different usernames and passwords. Good password hygiene means creating strong passwords that are difficult to crack or guess and changing them regularly.
  • Phishing and social engineering attack prevention - these types of cybersecurity attacks involve putting social pressure on the victim in order to get them to compromise sensitive information. For example, a cybercriminal might pose as an executive at the victim’s company and request sensitive documents in a forceful manner.

The specific content of each security audit category will be different from firm to firm, but be sure to spend plenty of time considering these and other areas of your security. It’s also beneficial to get a second set of eyes on your checklist, whether that comes from a professional IT security consultant or someone on your team with a background in cybersecurity.

Keep software updated and patched

As simple as it sounds, you’d be surprised at how many cybersecurity attacks happen because the victim was using outdated software with security vulnerabilities. It’s critical to keep all of your firm’s digital tools as up to date as possible so hackers can’t exploit bugs to gain access to sensitive data. This is especially true for tools you use to communicate and store data, like email applications or chat programs. If possible, try to create an automatic update cadence so that your software gets patched without any manual effort.

Review previous incidents to plan for the future

As the old saying goes: “the past may not repeat, but it does rhyme.” Security experts spend lots of time analyzing previous incidents as a way to learn, even if they happened at a different company. If you’ve had any kind of security failure or incident in the past, review what went wrong and make a plan for improving your practices next time - especially if it happened recently. You might even consider creating a quick writeup to help organize your thoughts and summarize improvements in a format that you can pass along to others at your firm.

Encourage everyone to contribute to IT security

While your IT department or specialist may have final responsibility for firm security, you should encourage everyone at your firm to pitch in – including clients – to get the most protection. Even a relatively small firm probably has more processes and communications than its IT team can manage. You should make the IT team’s job easier by creating channels for anyone on your team to contribute to cybersecurity, even if they don’t work in IT. Consider creating an anonymous internal survey or questionnaire you can send out to get direct, specific feedback from employees without them worrying about backlash.

Make the right software choices

While security training and education for your team is certainly important, the foundation of your firm’s cybersecurity comes from the software tools you decide to use. Everything from your email client to network software to communication tools can have an impact on cybersecurity.

If you’re using proper accounting firm practice management software, you get the benefit of bank-level encryption and improved security across several different processes in your firm. A secure accounting practice management platform will make cybersecurity audits much easier because you’ll have confidence that areas like file sharing, client communication and eSignature for forms are all protected from a cyber attack.