Accounting Cybersecurity: Checklist to Build Client Trust
Your clients don’t just trust you with their finances. As a CPA, you handle vast amounts of confidential client data daily. And for cybercriminals, this sensitive data makes your firm a prime hacking target.
In today’s digital world, protecting your practice from cybercrimes has never been more critical. Ensuring clients’ sensitive information is safe against data breaches is crucial for building trust, running a successful practice, and taking your firm to next-level greatness. In this article, we’ll explore why cybersecurity for accountants is important, the steps firms can take to enhance financial data security, and what to look for in accounting software to ensure CPA cybersecurity for your business and clients.
Why Accounting Cybersecurity is Important
Several factors make accounting firms an attractive target for cybercriminals.
First, as we alluded to above, accounting firms harbor a lot of sensitive data. From personally identifiable information (PII) like social security numbers to financial data like bank account numbers and investment records, your firm is a goldmine for cybercriminals looking to compromise identities, make unauthorized transactions, and commit tax fraud.
Second, accounting firms often lack the appropriate security measures. Many small to medium-sized businesses think they’re too small to be attacked. However, a recent report found that 30% of all cyberattacks are focused on small businesses because they lack cybersecurity measures. By overlooking the importance of security best practices like PCI compliance and staff training, firms are making it easier for cybercriminals to carry out attacks.
The State of Accounting Cybersecurity Attacks 2024
Cybercriminals are evolving along with technology. Between the emergence of Malware as a Service (MaaS), a rise in the use of artificial intelligence (AI), and more sophisticated phishing techniques, accounting cybersecurity attacks are on the rise. A recent report found that in 2023, the average cost of a data breach to a business hit $4.45 million around the globe—up 15% over three years.
While it may seem cybercriminals have their sights set on large banks or financial institutions, they’re just as eager to hit small to medium-sized businesses. For instance, Gustafson & Company, a small accounting firm based in Portland, OR, fell victim to an accounting cybersecurity attack that compromised the personal data of 1,900 individuals and cost the firm $50,000.
Cybersecurity Checklist for Accounting Firms to Ensure Financial Security
Boosting your firm’s security is easier than you might think. Here’s a CPA cybersecurity checklist of best practices for more robust security, enhanced client trust, and greater peace of mind.
1. Take Stock of Your IT Assets
Securing your technological infrastructure starts with knowing what you’re working with. Take inventory of technology components such as:
- Networking infrastructure: What networks do you have in place at your firm—wired (LAN), Wi-Fi, or both? Do you have a guest network? Note which computers/devices are connected to each network and include the names of everyone with network passphrases.
- Hardware and systems components: List all computers and pieces of hardware, including PCs, laptops, mobile devices, printers, file servers/network-attached storage, and external hard drives.
- Data and applications: What business software do you use (QuickBooks, CCH Axcess, etc.), and how do you use it? Note what information is managed in each tool and where the data is stored (local computer, on-premises storage, cloud). Record the storage location of any other data archives or backup files.
- Users: Document the names and usernames of everyone with an account on your systems and note their level of access.
2. Strengthen Your Passwords
Your firm’s data is only as secure as the passwords protecting it. Keep client information safe and protect your firm from accounting cybersecurity attacks by diversifying and strengthening your passwords. Password managers are great for generating and storing passwords for various devices and applications.
__To create a sophisticated passphrase, consider using:__
- Upper and lowercase letters
- A mix of punctuation and numbers
- A minimum of 12 characters
Avoid using:
- Anything that’s a word, slang phrase, or acronym
- Personal information like birthdays, social security numbers, or family names
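The passphrase rules above, turned into a policy check as an added example (this is not code from the article or from CPACharge). The personal-information inventory, the wordlist and the leet-substitution table are constructed placeholders; a real deployment would load its own.

```python
import re
from datetime import date

MIN_LENGTH = 12

# Constructed, hypothetical inventory of the personal details the checklist says to keep out of
# passphrases (birthdays, social security numbers, family names). Illustrative values only.
PERSONAL_INFO = {
    "names": ["Alice", "Bob", "Fido"],
    "birthdays": [date(1985, 7, 4)],
    "ssn_fragments": ["1234"],  # e.g. the last four digits of an SSN
}

# Tiny stand-in for a dictionary / slang / acronym list.
WORDLIST = {"password", "welcome", "summer", "cpa", "lol"}

# Common symbol-for-letter swaps, so "W3lc0me" is still recognised as the word "welcome".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o", "$": "s", "5": "s"})


def birthday_strings(d):
    """Ways a birthday is typically typed into a passphrase: 07041985, 1985, 0704, 04071985, 070485."""
    return {d.strftime(f) for f in ("%m%d%Y", "%Y", "%m%d", "%d%m%Y", "%m%d%y")}


def check_passphrase(passphrase, personal_info=PERSONAL_INFO, wordlist=WORDLIST):
    """Return the list of policy violations; an empty list means the passphrase passes."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", passphrase) and re.search(r"[A-Z]", passphrase)):
        problems.append("needs upper and lowercase letters")
    if not re.search(r"\d", passphrase):
        problems.append("needs a number")
    if not re.search(r"[^\w\s]", passphrase):
        problems.append("needs punctuation")
    lowered = passphrase.lower()
    # Reduce to the alphabetic core, with and without undoing leet swaps, and reject a bare word.
    cores = {re.sub(r"[^a-z]", "", lowered), re.sub(r"[^a-z]", "", lowered.translate(LEET))}
    if cores & wordlist:
        problems.append("is a dictionary word, slang phrase or acronym")
    if any(name.lower() in lowered for name in personal_info["names"]):
        problems.append("contains a family name")
    if any(s in passphrase for d in personal_info["birthdays"] for s in birthday_strings(d)):
        problems.append("contains a birthday")
    if any(frag in passphrase for frag in personal_info["ssn_fragments"]):
        problems.append("contains part of a social security number")
    return problems
```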
For additional security, consider enabling multi-factor authentication (MFA), also known as two-factor authentication. MFA requires you to supplement a username and password with a code that’s generated in real time and sent to you via a separate device, like a mobile phone. Without both the password and code, a cybercriminal can’t access your accounts.
3. Fortify Your Network
An unsecured network can be a gateway that connects cybercriminals to sensitive client data. To reduce the risk of your Wi-Fi being used to breach your systems, be sure to:
- Establish and protect administrator access to your network: Use a password manager such as 1Password or Keychain Access to create a strong password for administrative access to your router, and update the password in your router’s settings. Consider keeping staff and internal devices on a primary private Wi-Fi network or LAN.
- Configure your Wi-Fi authentication settings: Password-protect all of your networks to reduce the risk of breaches. We recommend working with an IT professional to help you set this up correctly.
- Ensure guests can’t access internal systems: Watch for options that allow guests to access your LAN, local network, or intranet.
- Protect hardware from unauthorized access: Keep your router in a secure location, like a locked cabinet.
4. Protect Internal Systems
Cybercriminals can take multiple routes to access your firm’s systems and accounts. One of the greatest threats to your internal systems is malware—software created to damage or disable computers and their systems. Many malware threats operate by taking advantage of weaknesses in software for which fixes are available. To minimize malware threats, keep your systems up to date, enable automatic updates, and install anti-malware software.
Additionally, you can protect internal systems by:
- Enabling your firewall (configure it to block all incoming connections except for applications you specifically enable).
- Limiting what users can access and modify (minimize privileges to ensure confidential information is only accessible to specific people, such as administrators).
5. Secure Sensitive Data
You’re responsible for maintaining the security and integrity of all firm data. When handling sensitive information within a browser, be sure addresses start with “https,” and avoid using websites your browser flags as having an untrusted certificate. Secure the data stored on your computer by enabling “whole drive” or “whole disk” encryption in case it’s lost or stolen. While the information stored in cloud services typically meets minimum requirements imposed by industry-governing bodies, contact your cloud provider when in doubt about data privacy and protection.
6. Implement Secure Billing and Payment Software
To ensure financial data security, implement secure billing and payment software. The right accounting software gives firms the tools and features necessary to increase profitability, streamline payments, and boost client trust and satisfaction.
4 Features Accounting Firms Look for in Secure Software
While a variety of accounting software is available on the market, there are certain features to look for to ensure security for your clients.
Chargeback Support
Any firm that accepts credit cards should be prepared to face payment disputes. Successfully disputing a client’s chargeback depends on providing the right documentation at the right time. To simplify the complex process, look for software that provides chargeback support on your behalf. CPACharge has 2X the industry average chargeback reversal rates, so you can trust you’ll be well-positioned to prevail in payment disputes if they arise.
Card Vault
Many firms still take client payment information over the phone and store it in file cabinets. While this may seem safe, it can lead to a host of security issues. Your firm has better things to do than play a game of phone tag with clients every time a payment needs processing.
Card Vault is a proprietary CPACharge feature allowing firms to store a client’s preferred payment methods in a secure, encrypted digital archive. Securely storing a client's preferred payment method enables charges to be made on the client’s behalf for easy, contactless experiences that save time and streamline billing. Your firm can even store multiple types of payment methods under a single client.
Help Your Business Maintain Compliance
Payment Card Industry (PCI) compliance is a set of standards that businesses must follow when processing, storing, and transmitting credit card information. While PCI compliance is designed to prevent cardholder data from falling into the wrong hands, it can be challenging for firms to navigate—especially when standards are constantly evolving and changing. CPACharge provides assistance to help your firm become and remain compliant. We’ll guide you in completing your annual compliance questionnaire and answer any questions you have at no additional cost.
Reliable Client Support
There’s nothing better than software that comes standard with in-house support. Contact CPACharge by email, live chat, or phone to have your questions answered by a real person. Our support team, chargeback team, and dedicated account managers are ready to help you at a moment’s notice. We also offer an extensive library of support articles and how-to videos.
“I find it very user-friendly for the most part, and customer service is quick to respond to any issues and seems to be knowledgeable regarding the two particular issues I've had.” — Verified G2 Customer Review
3 Indicators of Trustworthy Accounting Software
Giving your customers peace of mind starts with providing a trustworthy experience. When looking for a new accounting software partner, asking the right questions is important:
- Is the software/company trusted by peers? Review unbiased sources and look for G2 Badges.
- Are they trusted by industry leaders? CPACharge is trusted by 39+ State Societies, endorsed by NATP and NAEA, and is an AICPA Member Discount Partner.
- Is the software provider PCI Level 1 compliant? As cyberattacks evolve, it’s your responsibility to handle cardholder data safely and securely. CPACharge is PCI Level 1 compliant, so you can rest assured your firm meets all standards every time.
Earn and Keep Your Clients’ Trust With CPACharge
Your clients trust your firm to handle their accounting needs while protecting their personal finances and sensitive data. At CPACharge, we know your reputation matters—and we’re here to help you maintain it. Book a demo of CPACharge today to elevate your firm to next-level security and, in turn, greatness.