Accounting firms are among the most vulnerable to Internet threats such as viruses, hacking and malware.
Since theft is often the goal of these attacks, accounting firms are particularly susceptible to legal action resulting from fraudulent bank activity directly related to malicious external exploits.
Educate your Employees
Your employees pose the greatest risk to a CPA firm’s security, but with suitable staff education the risk of a security breach can be reduced. Upper-level management should always make sure that employees are aware of the correct security protocols when storing and distributing important information.
Passwords are one way a company can take pre-emptive action against a possible future security breach. Make sure staff change their passwords periodically and use passwords of at least 10-15 characters with uppercase letters, lowercase letters and a mixture of numbers and symbols.
Educate staff on scam and phishing emails. Clickable links within emails that pose as a trustworthy source are an extremely popular method for shifty hackers to gain access to login credentials or worse! Any email that looks “phishy” (pun intended) should immediately be forwarded to your IT Department for investigation. Do not forward these emails on to other staff members, as they may open the link thinking it was sent from a fellow colleague and trustworthy source!
If your firm hosts its data in the cloud, make sure you know the location of the stored data. Data hosted on servers outside your country may be subject to search and seizure, depending on the laws of that country. The cloud service provider should be able to answer these simple questions:
What encryption methods are in place for data in transit and at rest?
Who is responsible for the encryption keys?
Does the firm’s client base approve of data being stored in the cloud?
What litigation holds does the cloud service provider have in place to prevent the deletion of data?
If your staff can access data storage sites remotely from their laptops or smartphones without difficulty, then your firm’s network security is not strong enough or adequate enough to store the confidential information that most accounting firms hold. A good way to make this more secure is to create a network-enforced password and rotate it on a regular basis.
With more workforces allowing their employees to work from home, more secure protocols should be put in place. You need to make sure you have a solution that is secure when applied and that no major changes made are going to leave back doors into your systems.
Authorized User Access Rights
Giving every employee the same access rights to all files and folders is going to cause issues at some point. You want to create user groups for different hierarchies. Assign user rights to specific groups and add people to their corresponding groups for different access levels. For example, Joe from Front Desk shouldn’t be given full access rights across the board, in case he stumbles across highly confidential personal accounting information. These rights should be reserved for the accountant-level user group.
Super-users such as the network administrator or CTO should also have separate accounts for accessing this data. A privileged account should be set up for this person alongside his or her everyday account for normal workflow processes. He or she would only use the all-access account to manage and make edits to the network.
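As an added example (not code from the original post or from BluZEBRA), the group-based rights and the separate privileged admin account described above, set up on a single Windows file server with PowerShell. The share path, group names and account names are assumptions; in a domain the ActiveDirectory cmdlets would replace the local-account ones.

```powershell
# Added example, not the post's own code. Assumed (constructed) values:
# confidential data lives in D:\Shares\ClientAccounting, accounts are local.
$Confidential = 'D:\Shares\ClientAccounting'

# 1. One group per hierarchy level, so rights are assigned to groups, not people.
$groups = @{
    'FrontDesk'   = 'Reception staff - no access to client accounting data'
    'Accountants' = 'Accountants - modify access to client accounting data'
}
foreach ($name in $groups.Keys) {
    if (-not (Get-LocalGroup -Name $name -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $name -Description $groups[$name] | Out-Null
    }
}
Add-LocalGroupMember -Group 'FrontDesk'   -Member 'joe'   -ErrorAction SilentlyContinue
Add-LocalGroupMember -Group 'Accountants' -Member 'maria' -ErrorAction SilentlyContinue

# 2. Stop inheriting the parent folder's (usually too broad) ACL, then grant
#    only the Accountants group plus the administrator and system identities.
$acl = Get-Acl -Path $Confidential
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited rules
$inherit = 'ContainerInherit,ObjectInherit'
foreach ($grant in @(
        @('Accountants',            'Modify'),
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'))) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $grant[0], $grant[1], $inherit, 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Confidential -AclObject $acl

# 3. The network admin gets a separate privileged account ("jsmith-adm");
#    the everyday account ("jsmith") stays a plain user for normal workflow.
$admin = 'jsmith-adm'
if (-not (Get-LocalUser -Name $admin -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $admin -Password (Read-Host "Password for $admin" -AsSecureString) | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $admin
}
Remove-LocalGroupMember -Group 'Administrators' -Member 'jsmith' -ErrorAction SilentlyContinue

# 4. Check: Front Desk must not appear anywhere in the confidential folder's ACL.
$leak = (Get-Acl -Path $Confidential).Access |
    Where-Object { $_.IdentityReference -like '*FrontDesk*' }
if ($leak) { Write-Warning "FrontDesk still has rights on $Confidential" }
else       { Write-Output "OK: only Accountants and admins can reach $Confidential" }
```

Run it from an elevated session; step 2 replaces the folder's existing permissions, so review them first.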
Email and file access encryption, with the ability to remotely delete files, is a must in this day and age. The plethora of mobile devices carrying confidential information from the workplace poses a huge security risk. Laptops, mobile phones and tablets, if lost, stolen or misplaced, are at high risk of being hacked and having vital information accessed.
A complete hard drive wipe can be initiated remotely. Another method is to render all information unreadable by encrypting it, so that it cannot be deciphered without the proper authentication key. Even if the hard drive is removed and accessed from a different machine, all the data will still be encrypted.
This method isn’t just used for stolen devices, but for terminated employees who still have access to their business laptops and sensitive information. All this data can be removed at the click of a button.
If you feel your data isn’t secure enough, contact BluZEBRA Technologies for a network assessment to verify your business’s weak spots.
Phone: (206) 388-1600