Top 10 Cyber Security Measures For Accounting Firms


Cyber Security measures are a critical component to all accounting firms. Accounting, Bookkeeping, CPA and Tax firms all handle very sensitive client information and should be up to date on cyber security measures to ensure the safety and security of that information. The IRS is very clear on the duties and responsibilities of any entity that is responsible for the safeguarding of sensitive client information.

The IRS states that “a data breach is the intentional or unintentional release or theft of secure information. It can be the improper disposal of personally identifiable information in the trash or a sophisticated cyber-attack on corporate computers by criminals. It can affect companies large or small.” (Source: IRS Data Breach: Tax Related Information for Taxpayers)

The IRS Publication – Safeguarding Taxpayer Data in Title 26: Internal Revenue Code (IRC) § 6713 states that “this provision imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns.”

Recent IRS Releases:

  • IRS Warns of a New Wave of Attacks Focused on Tax Professionals
  • IRS Publication – Safeguarding Taxpayer Data
  • Data Breach – Tax Related Information for Taxpayers
  • Tax Return Preparers: Data Thefts and Protecting Client Tax Information

Even if your firm does not deal with “Tax” information, it is still good guidance and best practice to follow the same standards for the security of sensitive client information.

1. Antivirus

Antivirus software should be a default part of your organization's defense against online threats. Antivirus software prevents, detects and removes viruses and other malicious programs.

These threats include:

  • Viruses: Self-replicating program that copies itself over networked computers.
  • Worms: Exploit vulnerabilities in your security and then spread.
  • Ransomware: Restrict access to your computer and demand money to go away.
  • Spyware: Collects information about the computer user without consent.
  • Hackers: Nefarious individuals who use programs, like those listed above, to find vulnerabilities in your security and gain unauthorized access.

We recommend BitDefender as an extremely effective antivirus which was rated The Best Antivirus Software of 2018 by Tech Radar.

2. Passwords

Strong passwords must be a default in your firm. Online attacks that go after logins use “cracking programs” that store libraries of many different types of password combinations. If your password is long and complex enough, there is a good chance it becomes unrealistic to crack.

Strong Passwords are:

  • (12) Characters minimum
  • Upper Case Letters
  • Lower Case Letters
  • Numbers
  • Special Characters (!@#$%^&*)

As an accounting firm you manage a lot of passwords for sensitive types of accounts, and password management is crucial not just for working efficiently but also for the security of those managed passwords.

I recommend that your firm use a password management tool like LastPass. LastPass was rated Best Password Manager of 2017 by PCWorld.

You can use the online Password Generator to create strong passwords on the fly.
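The policy listed above can be both enforced and generated locally. The following is an added example (not part of the original article or of any product it mentions): it checks a password against the five listed requirements, generates a compliant one from the operating system's secure random source, and reports how large the brute-force search space is. The function names and the 16-character default are assumptions made for illustration.

```python
import math
import secrets
import string

# Policy values taken from the list above; the special characters are the
# ones shown there.
MIN_LENGTH = 12
SPECIALS = "!@#$%^&*"
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": SPECIALS,
}
ALPHABET = "".join(CLASSES.values())  # 70 symbols in total


def missing_requirements(password):
    """Return the names of the policy requirements the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def generate_password(length=16):
    """Draw a random password from the OS CSPRNG that satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Rejection sampling: every character is chosen uniformly, and a
        # candidate is accepted only if all four character classes appear.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Brute-force search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{search_space_bits(len(pw)):.1f} bits")
    print(missing_requirements("Summer2018"))  # constructed weak sample
```

The bit count only holds for randomly generated passwords; a human-chosen password that happens to meet the same rules is usually far easier to guess.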


3. Encrypt Drives

Protect sensitive data if computers, laptops or hard drives get stolen.

An encrypted hard drive will prevent someone from accessing the drive and all of its contents.

It should be a requirement in your firm to have all storage devices encrypted, especially those that are storing or backing up sensitive files like tax returns, financial statements, personal information and bank account information.

Both Windows Pro Editions and Mac OS come with built in Encryption capabilities.


4. Backup your data regularly

Backing up your firm's data should be another mandatory step in running your day-to-day operations. It is important and helpful to be able to go back and fix a mistake, retrieve that file that you accidentally deleted or even see a file before someone changed it.

It is more important for emergency purposes. If your company has not been following all of these guidelines and gets attacked by ransomware, you will have peace of mind knowing that if all of your data gets erased, you have your backups that you can use to retrieve your data.

Before you do anything with backups, refer to #3 and encrypt your backup drives.

Windows and Mac OS both have built in Back Up utilities.

5. Secure File Management

Secure file management is the system that you will be using to conduct your day-to-day operations. If you are an “Accounting Firm of the Future” then this is for you. You will need to make sure that you are using a Secure Cloud File Management system that can secure not only your day-to-day files, but also your sensitive client documents. Depending on how you do things in your firm, you may opt to have all your storage done in one place, or separate your day-to-day work files from your sensitive client files.

There are many options to choose from in regards to Secure Cloud Based File Management Systems. Below is a list of the most popular:

DropBox: Rated The Best Cloud Storage Service of 2017 by TechRadar




  • Single Sign On (SSO) SmartVault
  • 256 bit AES & SSL/TLS Encryption
  • Two Factor Authentication (2FA)
  • SmartVault Compliance: PCI DSS, HIPAA, FINRA, GLBA, SEC


6. 2 Factor Authentication for Account Login

Two Factor Authentication, also known as 2FA, is an extra layer of security that requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they know or have immediately on hand. This is a very good security strategy to use for sensitive account logins such as bank accounts, accounting software, online secure file storage account etc…

2 Factor Authentication is most commonly operated in two ways:

  1. A code sent via text message to your mobile device.
  2. A 3rd Party 2FA Application on your mobile device.


7. Mobile Phone Security

A study conducted by Flurry shows U.S. consumers actually spend over 5 hours a day on mobile devices! About 86% of that time was taken up by smartphones, meaning they spend about 4 hours, 15 minutes on their mobile phones every day. I am sure that within your organization you have individuals who send emails, check tasks, conduct business calls and take business notes all on their phones. For some reason the majority of people do not properly secure their phones the way they would their computers. It is crucial to apply the basic phone security principles and, if necessary, apply more advanced mobile security options.

Mobile Security best practices:

8. Update Operating Systems and Applications Regularly

You should be updating your computers' operating systems on a regular basis. Hackers and criminals are more active than ever, and without the latest updates your computer can be at risk. In the accounting industry, when dealing with sensitive financial information, you do not want to deal with the consequences of having your confidential client information stolen, lost or erased. Make sure that you put in place a procedure that ensures your computers are updated frequently.

9. VPN

A Virtual Private Network, or VPN, creates an encrypted virtual tunnel between your computer and the server operated by a VPN service provider. All external internet traffic flows through this tunnel, so your data is protected from anyone who has access to your internet connection or has hacked their way onto your network and is capturing the data passing over it. This kind of interception commonly takes place at locations with open public networks such as Starbucks, airports, libraries, co-working facilities or any other place that has shared internet. If you or anyone else in your firm works in these types of environments, using a VPN should be your priority.

Some good VPN options to choose from, as mentioned in CNET’s best VPN services of 2018:





Express VPN

10. Firewall

It is imperative that your computers have a firewall set up. A firewall protects your computer from unauthorized remote access. Windows and Mac OS both come with built-in firewalls, but they are usually turned off when you first receive your computer. If you are having trouble with this feature, you can use the links provided below and/or search YouTube or Google for how to turn on your operating system's firewall.

How to turn on the Mac OS Firewall.

How to turn on the Windows Firewall.



The information is provided by ProAdvisor CPA and while we endeavor to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on this document for any purpose. Any reliance you place on such information is therefore strictly at your own risk. ProAdvisor CPA and its Authors are not cybersecurity professionals and do not hold certifications in information security or cybersecurity. The information is provided based on the experiences of the authors of ProAdvisor CPA. ProAdvisor CPA has no connection to and is not representing or a representative of any of the products or services mentioned in this document.


Rebecca A. Casarez, CPA is the founder of ProAdvisor CPA. She is an experienced CPA with a demonstrated history of working in the accounting industry assisting business owners and accounting professionals. She is a strong leader who provides bookkeeping, financial accounting, tax planning and tax preparation services to business owners and individuals alike. She is also a Co-Founder of Green Ledger CPA. “The Grass is Greener on the side you water”. Follow her @ProAdvisorCPA.
