How to Lower Accounting Cyber Risk

Alavanca Systems - IT Support for Accounting, Tax and Finance Firms

IT crime is on the increase and as a result, cyberattack readiness is now a key consideration for accounting firms looking to do business in the “new normal.”

Cyberattack readiness refers to incorporating security measures across your entire organizational infrastructure and constantly monitoring for potential threats.

But how do you prepare your firm to be cyberattack ready?

It’s not all doom and gloom, and the cybercriminals don’t have to win.

The bright side is that there are steps you can take to achieve cyberattack readiness in your accounting firm.

Begin by addressing the following three areas: people, policies, and technology.


Employees are the weakest link and the most common avenue of a cyber-attack. Many don’t have good threat recognition (ability to realize when they are being targeted) and can leave your company vulnerable to attacks.

With this in mind, a good and necessary first step towards enhancing cyber readiness is to help all your staff understand the tactics cybercriminals use.

Partnering with IT specialists like those at Alavanca will enable you to educate your staff about the risks associated with using unsecure networks, phishing emails, and more.

Helping CPAs and administrative staff to use both personal and work devices in a way that reduces the risk of a cyberattack is a critical step in the right direction.

Strong, Unique and Secure Passwords Matter

Many workers in an organization re-use weak passwords across multiple sites. In fact, research shows that 80% of security breaches result from a password compromise.

One of the ways to enhance cybersecurity in your firm is to train all your staff to follow good password practice.

For starters, an effective password should be long and complex, comprised of a combination of letters, numbers and symbols.

A good user-chosen password should meet the following requirements:

  • Be strong and long (mixed case letters, numbers, and special characters)
  • Be heightened with password encryption
  • Be enhanced with Two-Factor Authentication (2FA)
  • Be randomly generated – no full words

While creating complex and unique passwords has been the top best practice for credential security for a long time, it’s not as easy as it sounds. To address the challenge, successful accounting firms leverage password manager solutions such as LastPass, Keeper, Dashlane, Bitwarden, and more.

Adopting best password practices will go a long way in helping your accounting firm mitigate cyber attack risk.



Accounting firms also need effective and up-to-date IT policies.

When helping clients implement operative IT policies, we have noted that many organizations have outdated policies that staff know nothing about.  Or worse, some accounting firms have no IT policies at all.

It’s vital to have written, customized, and regularly updated IT security policies for your accounting organization. The policies should be active and up-to-date organizational documents that reflect security controls, priorities, and changes for all technologies and assets in a business.

It’s critical that the policy you adopt is supported by the entire executive team in your firm. It is also essential that your employees are familiar with and understand the policy – and the reasons behind it.

To foster this familiarity with your IT policy, carry out regular staff trainings that include any new procedures, new technologies, and potential threats.

Alvanca systems works with firms every day and helps facilitate accounting cyber risk training and updates in an effort to lower our clients’ exposure to cybercriminal activity.

Always seek to develop a culture of security responsibility. This cybersecurity-consciousness must be championed at the executive level of the firm if it is to be effective.



Finally, after reorganizing people and policies, you can now tackle the last component — technology implementation, optimization, and management.

Let’s take a brief look at some things you should implement in the management of your firm’s IT assets and IT-supported workflow.


Anti-Virus and Anti-Malware

Computer viruses used as weapons aren’t going away anytime soon, and cybercrime is reported to have gone up by 600% as a result of work-from-home targets and the COVID-19 pandemic.

Anti-virus and anti-malware solutions help in dealing with malicious software and are an essential tool when it comes to cyber readiness.

However, anti-virus solutions must be correctly installed, managed, and maintained to aid in the avoidance of an IT security disaster.

One of the best ways to handle and manage anti-virus solutions is to work with a managed IT provider who has experience in protecting accounting workflows.


Backups and Server Recovery

Every business owner knows that data loss is chilling and comes with serious revenue implications. Some businesses never recover from data loss. Unfortunately, research shows that about 40% of businesses don’t have adequate disaster recovery systems.

Your accounting business cannot afford to be included in that statistic. You need to be in a position to restore your data and systems.

A good backup and recovery strategy is a key component for achieving cyber security readiness. It’s important to have a reliable, verifiable, and monitored backup plan for your accounting data and processes.


Technology Patch Management

It’s estimated that 80% of data breaches can be prevented through patching and proper vulnerability configurations.

Just like you mend clothing with a patch, technology patching helps you fix any holes or broken functionalities on software within your IT infrastructure.

Alavanca patch management implements a centralized management solution that detects, reports, downloads, and installs any necessary patches – so your systems and applications are always working on the latest versions and security software.

To minimize accounting cyber risk, we recommend either daily or weekly patching of servers, workstations, and mobile devices.


Predictive Analytics and Intelligence

To achieve cyber threat visibility, leading accounting firms implement predictive analytics and intelligence. These technologies give transparency that helps them deploy measures for guarding against attacks.

Predictive intelligence uses big data to identify and defend your IT systems against accounting cyber risk.

Implementing predictive intelligence will help you get ahead of intruders and reduce your cyber risk and legal liability.

On the other hand, not leveraging predictive intelligence in your accounting firm makes you limited in your ability to employ the early threat identification that helps keep hackers at bay.


Comprehensive Cyber Protection

Today’s cyber-attacks are sophisticated, destructive and on the increase, and if a cyber-attack finds you unprepared, the results can be damaging – or disastrous.

Your accounting firm may end up with damaged brand reputation, unending identity theft problems, lawsuits with hefty fines, and long IT system downtimes that ultimately take your business revenue on a drastic nosedive.

The truth is that you are being attacked by cybercriminals – even if it is just phishing emails at the moment. The question is whether you have built your defenses strong enough to ward off these and more aggressive attacks.   That’s why it is necessary to take preventive measures and lower your cyber risk profile.

The Alavanca team has helped many firms implement the accounting cyber risk preparedness strategies discussed above. We can help you do the same.  Take the first step, and get in touch with our cybersecurity specialists.




Ciro Cetrangolo is an IT specialist with over 30+ years in the IT services industry. Ciro has a deep understanding of the software, workflow, and underlying technology of accounting organizations and helps firms like yours achieve the secure, stable, and streamlined IT environments you need to accomplish your work more effectively. See my Amazon Author Profile