4 Cybersecurity Tips for CPAs

Did you know small and medium-sized businesses are most vulnerable to cybersecurity attacks? Cybersecurity breaches can lead to penalties, lost revenue, costs to respond to the issues and loss of client trust.

As a CPA, you deal with sensitive personal and financial data daily. Whether you’re in a firm or a personal practice, you need to take precautions to ensure this data is safe.

In this article, we share a compilation of top tips on how CPAs can protect their privacy and data.

1. Educate yourself and your staff

Cybersecurity experts say your first line of defense is your people. No matter how many precautions you put in place to avoid hackers getting in, a simple click on an email attachment can cause a breach. Staff need to be trained on how to recognize things like phishing emails, which look like something expected, but still don’t look quite right. They also need to know how to correctly manage hardware and passwords so that they’re not compromised.

Employees should also be thoughtful about what they post publicly online. Security answers may be easily guessed through social media posts and locations can be compromised.

2. Improve password protection

Data breaches with online retailers and financial providers have already made some of your current or past passwords available to hackers. And guessing passwords is one of the most common ways hackers get into accounts.

There are two tools that help avoid this:

  • multifactor authentication (MFA)
  • password management

MFA is becoming more common and requires you to approve a login through a message, code or fingerprint. It is also highly successful in deterring attacks. Passwords that are old or can be easily guessed are vulnerable. Long alphanumeric passwords with a mix of characters and lower- and upper-case letters are stronger. Additionally, you should update your passwords on a regular schedule and use different passwords for different accounts.

3. Review your software and services

Antivirus software is the common go-to for protection. It is important, but you need to have it installed on all your devices and keep it up to date. Even with the software, you need to remember that things like email can still be vulnerable.

When it comes to file security, cloud storage is safer than local storage. Files in cloud storage are encrypted and many companies back files up regularly, which makes them more secure. However, this doesn’t mean it’s without risks. Review and plan for potential privacy and control issues you could have with your provider.

4. Invest in your security

Operating system updates usually address security vulnerabilities within a program or product. All devices connected with your workplace should be updated quickly when needed. If you have in-house IT, they can set this up. But if you’re a smaller organization, you may need to use external services to help manage this for you.

Cyber insurance has also become a popular way to invest in security. While it can be helpful, it’s not a substitute for all the previously mentioned cybersecurity measures. However, as data breaches can cost a company up to millions of dollars, it could save your business from financial ruin.

Bonus tip: shred your documents. It may seem like an outdated practice in our virtual work world, but any discarded papers with sensitive information on them can cause a data breach. To protect your clients’ information, shred and dispose of the paper properly.

If you want to learn more about how to mitigate cybersecurity risks for your business, check out our on-demand courses on Cybersecurity Basics, AI and the Future of Accounting and an Executive’s Guide to Cybersecurity.
