4 Ways to Protect Your Clients' Data

                                                                                                                                                  SPONSORED CONTENT

Today’s accounting professionals know that data security is a more urgent concern than ever. CPAs are in possession of their clients’ most sensitive personal and financial details, so it’s no surprise they’ve become prime hacking targets.

The IRS has advised CPAs to review all aspects of their data security strategies, including administrative practices, building protection, computer security, staff and information systems. But does this mean you have to immediately become an internet security expert if you want to avoid becoming the next headline or cautionary tale? Abso­lutely not. Protecting sensitive data can be simple. The following steps will help ensure better data protection in your practice.

1. Identify Your Cyber Assets

The path to a more secure firm starts with creating a simple document detailing your practice’s IT assets. List all the technology you use at your firm to the best of your knowledge, including:

• Networking infrastructure: Do you have wired (LAN) and Wi-Fi networks? What is connected to each? Is there a guest network? Who has access? Take an inventory of all of the PCs, laptops, mobile devices, file servers and network-attached storage (NAS) that are present in the practice. 

• Systems and other hardware: Take an inventory of all of the PCs, laptops, mobile devices, file servers and network-attached storage (NAS) that are present in the practice.

• Applications and data: Common software for accounting professionals includes practice management suites, billing and payments solutions, and document management tools.

• Users: Make a comprehensive list of any and all users with accounts on your systems, including the privileges and capabilities these users have.

2. Strengthen Your Passwords

Everything in your office, from your network itself to your personal computer, is only as secure as the password you’ve created for it. What steps can you take to strengthen passwords?

• Use a password manager. A password manager provides a secure way to store and find all of your passwords.
• Create a strong passphrase. Ensure that your passphrase: 

          *Contains both uppercase and lowercase letters

          *Has digits and punctuation symbols as well as letters

          *Contains at least 12 letters, numbers or symbols 

          *Is not a word in any language, slang, dialect or jargon

          *Is not based on any personal information

• Enable multi-factor authentication. This requires both a password and a code to access an account.

3. Fortify Your Physical and Digital Office

Securing both the physical and digital office environments is crucial, particularly with Wi-Fi networks serving as the back­bone of connectivity. While convenient, they pose significant security risks if not properly configured. Start by securing administrative access to your wireless router with a strong, unique password through the router’s configuration website, ensuring default passwords are changed.

4. Ensure Data Security and PCI Compliance

Every business that accepts credit or debit card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). To become compliant, businesses must complete a self-assessment questionnaire (SAQ) on an annual basis. The SAQs are based on the six standard groups outlined by the PCI DSS (and their sub-requirements), which are:

• Build and maintain a secure network. Ensure that your systems have firewalls installed and are regularly updated.
• Protect cardholder data no matter what. The best online payment solutions store and protect sensitive cardholder data for you.
• Maintain a vulnerability manage­ment program. This simply means using antivirus and anti-malware software and keeping it up to date. 
• Implement strong access-control measures. This involves limiting access to sensitive cardholder data to only those with a business need to access it. 
• Regularly monitor and test networks. This involves documenting who can access what and ensuring these practices are working correctly.
• Maintain an information security policy. Draft a security policy that out­lines how your business uses technology and handles sensitive data.

For more tips on how to increase your firm’s security, access the comprehensive guide, Cybersecurity: Best Practices for Accounting Firms, at cpacharge.com/resources/e-books-and-guides/cybersecurity-guide-for-accounting-firms/.

CPACharge, an NJCPA Member Benefit Provider, provides online payment solutions for CPA firms to enable them to streamline their billing processes and increase cash flow, safely and securely. Learn more at cpacharge.com/njcpa.