Security and Compliance

How Third-Party Vendors are Helping CPAs Protect Client Data

Lara Berendt
March 13, 2017

Today’s accounting professionals know that data security is a more urgent concern than ever. CPAs are in possession of their clients’ most sensitive personal and financial details, so it’s no surprise they’ve become prime hacking targets.

High-profile scams involving the filing of fake tax returns have even spurred the IRS to launch a public awareness campaign to educate tax preparers about the importance of data security. “We’re very concerned that identity thieves, in their never-ending hunt for taxpayer data, are turning their attention more and more to focus on tax return preparers,” said IRS Commissioner John Koskinen.

The IRS has advised CPAs to review all aspects of their data security strategies, including administrative practices, building protection, computer security, staff, and information systems. As you review your own firm’s data security measures, consider the role third-party service providers can play in your accounting firm’s IT infrastructure, and explore ways to limit your liability while working to keep clients’ data secure and private.

Shifting data to qualified third-party vendors

Many small and medium-sized accounting firms don’t have an IT specialist on staff, which means they’re often ill-equipped to navigate modern data security issues. This is why some are turning to qualified third-party solutions to take advantage of these companies’ more advanced security measures.

"The average small or midsized company doesn't have a high level of in-house security expertise, while public cloud providers are betting their entire businesses on being secure." —Laurie McCabe, Cofounder and Partner at SMB Group, Inc.

“Our survey findings show that many SMBs feel more secure with the cloud,” said small business expert and researcher Laurie McCabe. “The average small or midsized company doesn’t have a high level of in-house security expertise, while public cloud providers are betting their entire businesses on being secure.” Economies of scale also allow major cloud storage and software providers to maximize security and efficiency at a lower cost than most small businesses can achieve.

How CPAs can limit their liability

Because of the nature of your business, you might always have to retain some amount of sensitive data on-premise, whether it’s printed materials for client meetings or onsite storage of digital backup files.

But where possible, you can shift some of this information to qualified third-party providers, the best of which protect data with more robust security resources and technological capabilities than the average accounting firm can muster. Avoid storing sensitive data on paper or on your computer if you don’t have to, as these locations are especially vulnerable to theft or hacking. By moving this data to third-party storage or software services, you can not only increase data security, but also transfer some of the liability burden for maintaining that data to the third party.

Bear in mind that passing liability on to another vendor doesn’t get you off the hook completely. You still need to take appropriate steps to protect clients’ data before it leaves your possession. “Companies can reduce the damage caused by successful hacks by encrypting their most important information (for example, credit card data for banks or patient records for hospitals),” wrote Nick Huber for ICAS.

So why worry about becoming the next headline or cautionary tale? It’s time to trust your sensitive data to experts who have the experience and bandwidth to protect it. With CPACharge, you never need to take possession of credit card information from clients. Send bills online and let clients enter payment information on their own, knowing that CPACharge’s top-notch security and encryption measures are protecting sensitive data behind the scenes.

For more information about steps you can take to secure your firm, download our e-book "Cybersecurity: Best Practices for Accounting Firms."