Is Your Data Secure? A Cybersecurity Checklist for Accounting Firms

Cyber Security Image one 4576 X 3051 JPG

By Zachary Rimlinger on June 20, 2018 

As data moves from client to firm and vice versa, it needs to be protected in transit and on the devices being used to access it, whether it’s your employee’s laptop or smartphone. In addition, your firm’s employees may need to receive and access that data digitally. While sharing documents via the cloud can make it easier and faster for everyone involved, it does add an additional layer of risk in exposing client data.  Also, a frequently forgotten channel of communication that needs to be protected is mail. As a conduit for important documents, it also requires a unique set of security practices.

Protecting client data is an ongoing challenge especially due to the varied ways your clients wish to provide documentation and access to their data. Considering all of this, here’s a checklist to get you started on ensuring client data is safe and secure, no matter how it’s being shared or accessed.

  1. Conduct an annual cybersecurity audit and assessment.  Preferably, this should be done by an outside firm and done annually. Expect the firm to review things such as password policy, privacy policy, agreements with vendors and contractors, data backup, and disaster recovery plans and network security. 
  2. Review every phase of your business processes, whether it’s client onboarding or a standard service such as filing taxes on behalf of your clients.  Review which employees are involved in the various stages and ensure that you have security guidelines in place at every step. You’ll want to ask:
    • Has each employee been required to review and agree to your company’s policies for accessing and sharing company data?
    • If employees are aware of your BYOD (Bring Your Own Device) policy? (And if your BYOD policy is comprehensive.)
    • Does your IT require that passwords are changed regularly? 
  3. Review the security policies of any cloud-based apps or premise-based solutions your firm is using to ensure that:
    • Vendors and providers are PCI compliant
    • Each cloud-based provider you are using ensures business continuity whether there is an outage or disaster
  4. Protect data on premise. A network firewall should be installed, updated and tested annually. Firewalls prevent unauthorized users from accessing your network by filtering incoming and outgoing traffic and data based on a set of rules. They also provide an additional layer of security that can make it more challenging for hackers to make a malicious attack on your network.
  5. Mail can be at risk of a physical breach of your mailbox or run the risk of getting misplaced or damaged in your office. Once you’ve set up cloud security, consider moving your mail and important documents into the cloud as quickly as possible. When choosing document management providers, be sure to dig into their security policies. 

A final tip: if you’re still unsure of where to start, or want additional information, search for a reputable cybersecurity auditing firm in your local area. Ask for a list of customer references you can call to find out what their experience was with that firm or look for customer reviews or ratings on their Facebook page. This allows you to get more familiar with the different approaches that you can take to protect your business and client data. Three things to ask for are quotes and approaches around: cybersecurity audit, updated plan, and annual support. 

Join Thousands of Businesses on Earth Class Mail

Automation plans starting from $69.00.