The current cyber environment may seem overwhelming and the list of threats endless. Ransomware. Password guessing software. Vulnerable technology. Public WiFi. Phishing attacks. Thankfully, you don’t need to be a cybersecurity whiz to protect your firm and your clients. Those security geniuses are busy around the clock. You can leverage their work to build a practical but effective security program for your accounting team, CPA firm or bookkeeping practice.
The IRS released a six-step guide for accounting cybersecurity. Let’s explore these steps and learn some practical ways you can protect your firm and your clients in the coming months and years.
1) Install and Update Antivirus Software that Scans Files and Memory for Malware
The IRS requires malware protection on any system that stores, processes, or transmits Federal Tax Information. While the IRS does not mandate any specific malware/virus detection software, it has approved Symantec Antivirus for use on Windows systems internal to the IRS. Be sure to set it up to automatically update so you always have the most current protection.
2) Use Firewalls to Shield Your Computer or Network from Malicious Traffic or Malware
Firewalls come in two broad categories: hardware and software. Hardware firewalls are physical devices that can be integrated on home or office routers. Some internet service providers (ISPs) offer these directly, or they can be purchased through a vendor. Firewall software typically comes with operating systems or can be downloaded from a reputable website. Both types of firewalls help prevent unauthorized access to computers, but they cannot protect data in case a user downloads malware through a phishing attack.
3) Use Two-Factor Authentication to Secure Email, Accounting Software or Any Password-Protected Product
Accounting professionals should always use two-factor authentication when it’s available. Two-factor authentication requires both a username and password, and a second authentication method sent by text or through an app. Bad actors may uncover your username and password, and can spoof your mobile phone texts, but it’s nearly impossible for them to breach both these technologies at the same time.
4) Routinely Backup Critical Files to a Secure External Hard Drive or Cloud Storage Service
It may seem counterintuitive to create an additional copy of the data you’re trying to protect, but public cloud providers like Microsoft and Google have tens of thousands of security professionals working to secure that data. If you upload the data through a secure connection, it’s relatively safe in a public cloud environment. Our company goes one step further by deploying active threat detection monitoring on all our public and private servers. The point is if something happens to your business-critical data, such as losing a computer, human error, or something more malicious, you’ll have a copy of the data that’s secure and can be restored.
5) Encrypt Files on Computers and Removable Media
Some accountants and CPAs believe encryption is too complicated or that an attack won’t happen to them. However, even the smallest accounting firms store sensitive data like social security numbers and bank account information, so they are attractive targets for cybercriminals who can sell this information on the black market. Ensure your data is encrypted both where it’s stored and when it’s transmitted across a network.
6) Write Down Your Data Security Plan as Required by the Federal Trade Commission’s Safeguards Rule 5
A comprehensive security plan includes the security measures you’ll be implementing within your organization. Perhaps more importantly, it includes a playbook for the role everyone in the organization plays in security. At the least, an accounting data security plan should account for how you’ll educate team members about the methods used by hackers to breach data as well as security best practices for counteracting these threats.
Closing Thoughts on Accounting Cybersecurity
Talk about data breaches and ransomware attacks can seem overwhelming — after all, you want to focus on helping clients and growing your business. But cyber threats aren’t going away, so it’s helpful to reframe this as part of your fiduciary responsibility to your clients. They come to you, after all, because they want to focus on the core aspects of their own businesses or personal lives. Consider cybersecurity as another avenue to holistically serve your clients. Learn more about cybersecurity for accountants from our tech expert and stay safe!