
Email Data Protection for CPA Firms

September 16, 2020

CPA firms are getting hacked. Client data in CPA firms is a gold mine for cybercriminals. The right kind of data can net a hacker millions of dollars over the next five years. They use the information for anything from credit card scams and identity theft to stock manipulation and corporate espionage. One of the biggest leaks of information is through emails. Emails go to customers, clients, corporations, and internally throughout the office. Every single one of these millions of emails is a potential threat. So, how do you protect your data from hackers? Managed service providers can provide most of the security you need.

Email Encryption

This one may seem obvious, but many CPA firms still do not allocate the resources necessary to implement a solid email encryption strategy. In some cases, offices only secure the email sent to and from management, but for the security to work correctly, these offices need a full email lockdown. In other words, all computers should be equipped with encryption software. There should also be another level of encryption at the server level to provide a secondary filter against hackers.

Encryption may not stop some hackers from obtaining the data, especially from wireless devices, but it does prevent them from reading the information it contains. Think of the data as a hard steel box with no door and no lock. Hackers can steal the box, but they are not getting inside.



Wireless Lock Down

All computers should be locked when the user is not at their desk, but this applies even more so to wireless devices. Wireless devices that can be physically stolen should remain locked when not in use, and any connections to the corporate website should be severed before walking away from the device. Also, make sure that no data is downloaded to wireless devices. If possible, only connect to corporate servers through a VPN, and make sure to follow all protocols. If a wireless device is stolen, immediately call your IT department so they can perform a remote format on the device and destroy all the data.

Train Employees

This is more important than most people realize, and because it is underestimated, more hackers get in through personal emails. Yes, it can be boring for personnel to sit through another corporate lecture on email abuse, so it is best to come up with ways to update your employees on the importance of email protocols. Your managed service provider can monitor email traffic through a control panel that shows specifically which workstation a virus started from. Some basic rules should be emphasized to your employees:

  • Verify the source of any email with an attachment. If you are not 100 percent sure of the sender, do not click on the link.
  • Do not respond to any email asking for personal information. If the IT department wants your login information, they should ask for it in person. If HR wants information, tell them you will stop by on your next break.
  • No personal emails should be routed to corporate servers. If employees want access to personal mail, they should open it from a non-corporate account.
  • If an email looks risky, then do not forward it to the IT department. Have them come to your desk and analyze the risk locally.

Software Updates

This is where the IT department or your managed service provider comes in. Part of your data protection management protocols should include software upgrades. Typically, you can have the IT department perform the upgrades, but a provider can perform the same tasks without interfering with your firm’s work environment. Every email software update may include malware and virus protection upgrades. We hear about the big viruses that infect major corporations, but there were more than 22 million new malware samples in the first quarter of 2017. Software upgrades are an integral part of protecting your CPA data from cyber threats.



Contact your managed service provider today and see how they can help you with data protection management services. Smaller CPA firms can benefit from the use of higher-end software typically used by larger corporations, and medium- to large-sized corporations can benefit from having a secondary email protocol system in place. It is important not only to take care of your email systems but also to monitor any potential threats, one email at a time. Request a quote and see how TOSS can help you today.
