Getting Serious About IT Security in the CPA Office

June 22, 2017


It’s time for even the smallest of CPA firms to get serious about IT security. According to the website databreaches.net, accounting and financial firms are a regular target of hackers.

According to Accounting Web, data breaches in the United States have seen a 40 percent increase since 2015. If your accounting firm isn’t actively talking about ways to mitigate the risk of hacking, maybe it’s time it did.

The State of Security, 2017

Forbes tells us that, according to a recent IBM report, the top five industry targets for hackers are:

  1. Healthcare
  2. Manufacturing
  3. Financial services
  4. Government
  5. Transportation

Over the years, we’ve seen a lot of lip service being paid to security, but not a lot of follow-through across the market. This includes some of the larger but still traditional industries like hospitals, banking, or finance. Unfortunately for us, hackers have started to notice our digital vulnerabilities:

  • On May 10, 2017, NBC News reported, “Thousands of Patient Records Leaked in New York Hospital Data Breach.”
  • According to Health IT Security, four of the top five security breaches so far this year have occurred in healthcare organizations.
  • Becker’s Hospital Review published its top 15 data security breaches in healthcare already this year, and the list includes everything from phishing scams to theft of hardware to ransomware.

The kinds of threats we’ve seen recently have been tied to simple things you may be doing on your computer every day, such as surfing the web or opening a seemingly legitimate email. Other viruses, like the notorious WannaCry, exploit vulnerabilities in computers that are running unpatched or outdated software or hardware.

WannaCry installed ransomware, a type of virus that hijacks your computer, encrypts your files, and extorts a payment to regain access. WannaCry showed up in the news last month when the virus attacked 300,000 computers worldwide. It’s important to note that hackers took advantage of legacy Windows operating systems where IT administrators had failed to update their platforms.

In June 2017, the news broke about the new Fireball malware, which has infected around 250 million computers with a virus that allows hackers to view what you’re surfing and potentially steal private information.

CPA firms have worked with technology partners or internal IT staff to install intrusion detection programs and train staff in safer computing techniques. Changing human behavior is sometimes easier said than done, but engaging the staff along with security-focused hardware and software can mean the difference between an embarrassing and distressing cyber breach and the security of your clients’ data.

Want to learn more about what you can do to keep your CPA firm safe? Buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.

According to Accounting Web, the top IT security threats include:

  1. A hacker could certainly exploit human error. This could include leaving passwords accessible, failing to change them frequently, or failing to log out.
  2. By far, the riskiest behavior is clicking on an email from an untrusted source. Phishing emails look like they’re coming from a bank or a client, but when you open the email and click on a link, it downloads malware (a virus) onto your machine.
  3. Mobile phones are now a point of danger for CPA firms, especially if employees are accessing your critical business functions from their unsecured digital devices.
  4. Third-party sites are also a point of weakness; if you use a third-party site at work, make sure you log out.

Many CPA firms are choosing to mitigate their security risk by hiring third-party vendors to manage their IT infrastructure. These technology experts provide outsourced cyber security solutions for CPAs as an affordable monthly subscription.

Cyber Security Solutions for CPAs

Managed service providers (MSPs) provide security as a service (SecaaS) for CPA firms. MSPs can offer everything from:

  • Consulting on the security of your technology infrastructure.
  • Implementing firewalls and other security software.
  • Monitoring the network for security breaches.
  • Creating a business contingency and recovery plan to protect your data in the event of a crisis.

Many smaller businesses choose to outsource IT completely to MSPs. In addition to security, MSPs can host all your vital functions in the cloud, from email to a virtual server and data storage, and can even manage cell phones or other digital devices. Hosted cloud services are more affordable than on-premises hardware, can be updated more quickly, and are able to scale up or down when you need it the most.

To find out more about MSPs: