For a CPA, security threats are not just a breach of your business, but also a breach of your client’s trust. When you do business with a company or an individual, they are willingly passing over sensitive information that can be used maliciously when in the wrong hands. While investing in cybersecurity is important for your client’s safety, it is also important for the sake of your own livelihood and to ensure that you keep your license in good standing going forward.
Here are the most important investments that you can make to protect you, your license, and your customers from cyber threats:
1. Encrypted Backups
As a certified public accountant, you cannot afford to keep key files in only one location. Otherwise, a broken, corrupt, or lost device could spell disaster. Therefore, it’s likely that you’ll keep backups of files in secondary locations. They are likely to be:
- Local backups, such as external hard drives or USB sticks.
- Off-site backups, which are facilitated by cloud services.
Given that cyberattacks occur every 39 seconds (1), preparing for the worst with backups is vital. Sadly, if they aren’t encrypted, a data breach will render the backups redundant. The process of encrypting your backups, which means that all data is scrambled until you unlock it with your credentials, will vary from one device to another.
2. Firewall / VPN
Up to 60% of all cybersecurity data breaches (2) involve vulnerabilities for which patches were available. Firewall protection, which regulates the incoming and outgoing network traffic, forms a crucial barrier. It must be used on every device in use, including those on the network primarily used for leisure.
Virtual private networks, or VPNs, allow accountants to send and receive data on a shared network while using the same security features that would be present on a private network. Essentially, the devices connected to the VPN reroute all data exchanges through this platform rather than the internet service provider (ISP). This provides CPAs with an extra layer of protection.
3. Encrypted Email
Email remains a central focus of online interactions but is also a major source of cybersecurity threats. In fact, 94% of ransomware (3) is delivered by email. Worryingly, most email providers rely only on transport protocols such as TLS over TCP/IP, which protect the connection between servers rather than the message itself, meaning emails are not encrypted end to end by default.
The threat of people getting into your inbox is only one issue. The other danger relating to email comes from the exchange of data. If an email is intercepted while in transit, encryption will prevent the hacker from reading the private information that is enclosed. The main types of encryption are:
- S/MIME, which is built into macOS and iOS devices.
- PGP/MIME, which is best used for web-based email clients.
To send and receive encrypted emails, you will need to obtain a digital certificate and then back it up. You can subsequently use settings, such as ‘ask every time’, to protect all email interactions, including those with your clients. In turn, this is crucial for your CPA license.
4. DNS Filtering
Domain Name System filtering, or DNS filtering, is an automated process that serves to block access to malicious websites that could contain phishing, which accounts for 90% (4) of data breaches, and ransomware. It can additionally block access to inappropriate content, making it an integral feature of a CPA’s cybersecurity repertoire.
A DNS filter analyzes a website before opening it and will prevent access if it is a known threat, either due to malicious data placed by the website owner or hidden viruses planted by a hacker. DNS filtering can block a site based on:
- Its domain.
- Its IP address.
This saves you, your employees, and clients from having their login credentials stolen or downloading malicious content. DNS filtering works as an add-on to the web browser and joins URL filtering, keyword filtering, and content filtering to create a secure web filtering process.
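The domain-or-IP decision described above can be sketched as follows. This is an added example, not code from the original article or from any DNS filtering product; the blocklist entries are constructed placeholders (reserved example names and documentation address ranges) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample policy: reserved example names and documentation-range IPs.
BLOCKED_DOMAINS = {"malicious.example", "phish.example.net"}
BLOCKED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.7/32")]


def normalize(name):
    """Lower-case the queried name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def domain_blocked(name):
    """Match the name or any parent domain, on label boundaries only,
    so 'login.malicious.example' matches but 'notmalicious.example' does not."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def ip_blocked(addr):
    """True if the resolved address falls inside a blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETWORKS)


def filter_decision(name, resolved_ips):
    """Return (verdict, reason) for one lookup.

    resolved_ips are the A/AAAA answers for the name, passed in by the
    caller so the example runs offline.
    """
    if domain_blocked(name):
        return ("block", "domain")
    for addr in resolved_ips:
        if ip_blocked(addr):
            return ("block", "ip:" + addr)
    return ("allow", "")


if __name__ == "__main__":
    for query in [("login.Malicious.Example.", ["192.0.2.10"]),
                  ("notmalicious.example", ["192.0.2.10"]),
                  ("cdn.example.org", ["203.0.113.45"])]:
        print(query[0], filter_decision(*query))
```

Matching on whole labels matters: a plain substring test would wrongly block unrelated names that merely contain a listed domain.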
5. Endpoint Detection and Response (EDR)
EDR software is a high-end digital security measure used to identify, block, and overcome cyber threats that other tools may have overlooked. It can be a standalone product or a platform add-on, and 55% of MSPs (5) have adopted this strategy to replace outdated security measures.
The EDR process includes various stages, including but not limited to:
- Monitoring and recording endpoint activities in a central database.
- Analyzing and investigating suspicious activities.
- Ongoing reporting and alerting to potential threats.
EDR tools provide advanced threat blocking and also support incident response. They can be used to tackle ransomware, malware, and data movements.
6. Password Management
Statistics show that 80% of all online data breaches (6) are linked to passwords. Therefore, advanced password management is a step that every business must learn to implement. To implement successful password management throughout the accountancy firm, you must:
- Ensure that all employees are aware of its importance.
- Set all passwords to at least 16 characters and include special characters, capitalization, and numbers.
- Change passwords every 90 days.
- Avoid using passwords that are linked to names or context-specific derivatives, such as ‘ADMIN1’.
- Use multifactor authentication, such as SMS messages or finger ID.
Automated password reset features will save your IT team from stressful and time-consuming jobs while also preventing delays.
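The rules in the list above can be enforced automatically when a password is set or audited. The checker below is an added example, not code from the original article; the function name, the substitution table, and the caller-supplied list of context words are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

MIN_LENGTH = 16                   # article: at least 16 characters
MAX_AGE = timedelta(days=90)      # article: change every 90 days
# Common character substitutions, undone before the context-word check.
LEET = str.maketrans("013457@$!", "oieastasi")


def check_password(password, context_words, last_changed, today):
    """Return a list of policy violations; an empty list means compliant.

    context_words: names tied to the account or firm (user name, role,
    company name), supplied by the caller.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Catch 'ADMIN1'-style derivatives: compare context words against the
    # password with digits and symbols stripped, both as typed and with
    # look-alike substitutions (1 -> i, 0 -> o, ...) undone.
    lowered = password.lower()
    plain = re.sub(r"[^a-z]", "", lowered)
    folded = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    for word in context_words:
        w = word.lower()
        if len(w) >= 3 and (w in plain or w in folded):
            problems.append("derived from context word: " + w)

    if today - last_changed > MAX_AGE:
        problems.append("older than 90 days")
    return problems


if __name__ == "__main__":
    print(check_password("ADMIN1", ["admin"], date(2024, 1, 1), date(2024, 6, 1)))
```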
7. Cybersecurity Training
Investing in the right tools and technology is vital, but it counts for very little if your CPA firm fails to invest in people too. Still unsure? The fact that 90% of data breaches (7) are caused by human error should provide clarity.
Cybersecurity training must cover all employees who use internet-enabled technologies, and should advise them of the threats, the importance of cybersecurity, solutions, and general protocols for when a data breach is suspected. When the team is equipped with the tools and knowledge to thrive, a safer accountancy operation is assured.
Ciro Cetrangolo is an IT specialist with 30+ years in the IT services industry. Ciro has a deep understanding of the software, workflow, and underlying technology of accounting organizations and helps firms like yours achieve the secure, stable, and streamlined IT environments you need to accomplish your work more effectively.