CPA firms are getting hacked. Client data in CPA firms is a gold mine for cybercriminals. The right kind of data can net a hacker millions of dollars over the next five years. They use the information for anything from credit card scams and identity theft to stock manipulation and corporate espionage. One of the biggest leaks of information is through emails. Emails go to customers, clients, corporations, and internally throughout the office. Every single one of these millions of emails is a potential threat. So, how do you protect your data from hackers? Managed service providers can provide most of the security you need.

Email Encryption
This one may seem obvious, but there are still a lot of CPA firms not allocating the resources necessary to implement a solid email encryption strategy. In some cases, offices are only securing the email sent to and from management, but in order for the security to work correctly, these offices need a full email lockdown. In other words, all computers should be allocated with encryption software. There should also be another level of encryption at the server level to provide a secondary filter against hackers.

Encryption may not stop some hackers from attaining the data, especially from wireless devices, but it does prevent them from understanding what information is stored in the data. Think of the data as a hard steel box with no door and no lock. Hackers can steal the box, but they are not getting inside.

Wireless Lock Down
All computers should be locked when the user is not at their desk, but this applies even more so to wireless devices. Wireless devices that can be physically stolen should remain locked if not in use, and any connections to the corporate website should be severed before walking away from the device. Also, make sure that no data is downloaded to wireless devices. If possible, only connect to corporate servers through a VPN, and make sure to follow all protocols. If a wireless device is stolen then immediately call your IT department, and they can perform a remote format on the device and destroy all the data.

Train Employees
This is more important than most people realize, and because of that more hackers get in through personal emails. Yes, it can be boring for personnel to have to sit through another corporate lecture on email abuse, so it is best to come up with ways to update your employees on the importance of email protocols. Your managed service provider can monitor email traffic through a control panel that shows specifically what workstation started a virus. Some basic rules should be emphasized to your employees:

• Verify the source of any email with an attachment. If not 100 percent sure of the sender, then do not click on the link.
• Do not respond to any email asking for personal information. If the IT department wants your login information they should ask for it in person. If HR wants information, then tell them you will stop by on your next break.
• No personal emails should be routed to corporate servers. If the employees want to have access to personal mail then they should open those from a non-corporate account.

Software Updates
This is where the IT department or your managed service provider comes in. Part of your data protection management protocols should include software upgrades. Typically, you can have the IT department perform the upgrades, but a provider can perform the same tasks without interfering with your firm’s work environment. Every email update has potential malware and virus protection upgrades. We hear about the big viruses that infect major corporations, but there were more than 22 million new malware samples in the first quarter of 2017. Software upgrades are an integral part of protecting your CPA data from cyber threats.