Andrew Wall, CPA, is the founder of CPA4IT, an accounting firm specializing in serving IT consultants. Given his own professional background in IT and his client base, Wall’s firm is vigilant when it comes to continually surveying its workflows, its remote team infrastructure from a security and accessibility standpoint, and the way that it collaborates with clients.
Awareness and ongoing monitoring are among the best defenses against the dynamic cybersecurity threats facing the accounting profession.
“In recent years, zero trust security models have gained popularity as a way to protect data and systems,” Wall says. “Under a zero trust model, all users are treated as potential threats, regardless of their location or identity. This means employees and firm clients must be educated about best practices related to working with your firm and how to exchange data securely. Providing the necessary education and training for your clients is a key defensive cybersecurity strategy for your firm.”
Best Cybersecurity Protection Practices
You can use the following checklist as a starting point for addressing some of the key issues your clients should be aware of to help you protect their data when working with your firm. Remind your clients that no form of protection is foolproof, but these tips are a good starting point for even more in-depth conversations.
No. 1 — Protect your data
Awareness is critical when it comes to protecting your data. Never share personally identifiable information like your Social Security number or credit card number unless you know the reason why and can verify exactly who is getting the information. Remember, social media is another channel for cybercriminals, as are your phone and text messages. Be vigilant.
No. 2 — Avoid clicking on pop-ups, unknown emails and links
This is a very simple but effective strategy for avoiding phishing. Phishing emails may imitate legitimate-looking emails to try to trick you into clicking on a link that may result in a malware attack, security breach or other issue. Be cautious of links and attachments in emails from senders you do not recognize, and even from people you do recognize, as email addresses can be spoofed. With just one click, you could enable hackers to infiltrate your organization’s computer network.
No. 3 — Use strong passwords and a password manager
Make sure you use strong and complex passwords, changing them often. Using simple or repeated passwords on websites you access puts you at risk of being hacked. Strong passwords have at least 10 characters and include numbers, symbols, and uppercase and lowercase letters. A password manager can help generate secure passwords and keep track of them.
No. 4 — Make sure to use multi-factor authentication
Multi-factor authentication adds an additional layer of protection by prompting you to take at least one extra step, such as providing a temporary code that is sent to your smartphone, before you can log in to an account. While more and more software platforms natively support multi-factor authentication, you can also add it by using third-party tools like Duo.
No. 5 — Avoid unsecured Wi-Fi
Make sure your home Wi-Fi is secure, encrypted, and hidden. If you are using public Wi-Fi networks, do not access our firm’s portals or your bank information. Doing so will make your data vulnerable to being intercepted. If you must use unsecured Wi-Fi, ensure you use either a software or physical VPN.
No. 6 — Invest in security software for your data and devices
All of the devices you use at work and at home should be protected by security software such as CrowdStrike, Malwarebytes or other antivirus and anti-malware software. However, you will want to verify that the solution you are choosing is indeed an ideal solution. Just a few dollars a month can help you avoid an expensive breach later on.
No. 7 — Update your web browsers and operating systems with the latest protection
Keeping your devices updated with the latest software is critical. Cybercriminals prey on devices without the latest software updates and on outdated operating systems, so it is important to keep all of your devices and networks up to date. Patching is one of the most often overlooked practices, and neglecting it can unnecessarily expose your otherwise secure practices to potential risk.
After sharing this initial checklist with your clients, be sure to follow up with the specific, actionable steps they can take to work securely with your firm and the various applications they will need to be familiar with and use.
“Working with a partner such as Swizznet, your firm will have access to the knowledge and expertise to keep your firm safe from the latest threats,” Wall says. “They will be able to advise you on the best practices for keeping your data secure. By leveraging a technology partner that takes security seriously, you can help protect your accounting firm and your clients from ever-evolving cyber security threats.”