
Is Your Accounting Firm Protected from Malware Attacks?


I am often approached by accounting professionals who share their questions and concerns about how to protect their accounting technology and computer systems from malware and other cyber crime threats. This is an understandable worry considering that cyber crime has been reaching record numbers each year, with 2017 experiencing the highest number of cyber attacks.

Malware (short for malicious software), in particular, is a cybersecurity issue that has been increasing in terms of both the number of occurrences and the breadth of attacks over the past several years. In addition to stealing your sensitive information, these insidious attacks also can result in your computer systems being destroyed and your money or resources being sold to other cybercriminals on the dark web.

What people from small- or medium-sized businesses (SMBs) tend to wonder is whether their firms and data are at risk due to the size of their business. The answer, unequivocally, is yes for three main reasons:

  1. No matter how small your firm is, it can still be targeted by cybercriminals who want to access or sell data belonging to your clients or your firm;
  2. You handle clients’ sensitive data and personally identifiable information (PII), which is not only worthy of being protected but also is REQUIRED to be protected; and
  3. Once cybercriminals gain access to your systems, they can use your firm as a platform to launch future attacks against others, including your clients.

Certified professional accountants (CPAs), for example, are ethically and legally bound to safeguard information that is “obtained or used to prepare a tax return” — this includes everything from the physical security and storage of data on various forms of CPA technology to the way the information is transmitted and by whom.

But, how can you tell whether your firm has adequate protections in place? I’ve put together a few things you can do to determine your organization’s risk regarding these virtual threats and ways you can begin stepping up the cyber crime prevention efforts of your firm.

CONDUCT AN IT RISK ASSESSMENT

A good place to start for determining the preparedness of your accounting firm is to conduct a technology security assessment. The purpose of this type of assessment is to identify any flaws or weaknesses in your network, servers, and devices that could potentially be exploited by cybercriminals. These gaps in your security can come in many forms, including:

  • Unpatched or outdated systems;
  • Non-adherence to security-related policies or a lack of policies altogether;
  • A lack of visibility into your network and any devices connected to it;
  • A lack of awareness of cybersecurity best practices; and
  • Non-existent or outdated data backups.

There are positive and negative aspects to focus on in these multifaceted security assessments. Three main areas to consider as part of FPA’s technology security review project (TSRP) include policies, processes, and systems.

While there is no way to prevent 100% of all cybersecurity and malware attacks, you can at least begin taking steps that can help to decrease the number of attacks and slow down your attackers, giving your systems time to identify threats and stop them in their tracks.

ROLL OUT CYBERSECURITY AWARENESS TRAINING

Human error is one of the most significant ways that hackers are able to spread their chaos to your accounting technology. One of the most common ways that malware can gain access to company systems is by taking advantage of unsuspecting or uninformed employees. This can be accomplished through phishing or by encouraging users to simply click on a link or open a document that’s sent through a seemingly innocuous email.

This is where cybersecurity awareness training can come in handy — it is an incredible form of cyber crime prevention. Now ask yourself: Do you know where your accounting firm rests on the cybersecurity awareness training levels? This can range from the first stage, which means that your cybersecurity awareness is non-existent, all the way up to stage five, which means that you have a metrics framework in place to improve your systems and demonstrate awareness program success.

By creating and implementing cybersecurity awareness training, you can begin addressing gaps in employee knowledge regarding online safety best practices and helping them to increase their vigilance.

IMPLEMENT AN ORGANIZATION-WIDE COMPUTER USE POLICY

Creating and enforcing an effective computer use policy is a way to ensure that your employees are abiding by your firm’s technology use standards and rules of engagement. This offers your firm some legal protection by placing the responsibility of data security into your employees’ hands. It also helps to ensure that they understand what are considered acceptable or unacceptable uses of your firm’s computers and other related accounting technology.

Not sure where to begin when trying to create a policy? That’s okay — you can create one on your own or you can use an experienced managed IT services company, like VC3, to handle the task for you.

While different forms of malware are not the only cybersecurity threats facing accounting firms today, they are still among the most dangerous. I hope that you have found this information to be helpful and informative.
