Cybersecurity and Data Protection

Accountants in PA and throughout the United States are often targeted by hackers for the sensitive client data they possess. Data protection and cybersecurity are not optional. A data breach can not only harm your clients, it can harm your reputation and cost you financially through lawsuits, loss of your customer base, and possible fines from regulatory agencies for non-compliance. 

Cyberattack statistics

In 2020, the FBI’s Internet Crime Complaint Center (ICCC) received 3,000 to 4,000 reports of cyberattacks daily, and it takes an average of 280 days to detect a breach. This means hackers have nine months to draw content from your company. According to the 2020 Cost of a Data Breach Report, the average cost of a data breach in the U.S. is $8.6 million.

How to protect your firm

Whether your firm is large or small, data security must be your priority. Security must have a multi-faceted approach, addressing physical security, cybersecurity, data transfer and storage, and education of employees and clients. 

Physical security includes office space, office devices, and all movable and off-location hardware. Employee key cards, visitor logs, and security cameras can ensure that your office is protected from unauthorized entry. Working from home can pose a particular challenge. Your firm must implement strict policies requiring that all hardware used at home is encrypted and includes remote wipe features, ensuring that no one has access to data on the hardware without an encryption key. Policies about taking physical files out of the office should also be implemented. This would include a secure method of document shredding.

Cybersecurity of devices includes having up-to-date firewalls, anti-malware, and antiviruses installed in every device, updated automatically. A Zero Trust framework requires identity verification for every person and device accessing sensitive data.

Data must be protected in transit, at rest, and in use. Data loss prevention solutions should be employed to control data transfers by monitoring the movement of sensitive data and blocking the transfer to unsafe locations, downloading to items such as USB drives, and copying and pasting into emails. Data kept in storage must be encrypted so that a breach does not allow a hacker access to large amounts of data. Policies must be implemented regarding leaving client files on a desk or up on a computer when an employee walks away from his or her workstation.

The education of both employees and clients is key to success. If they do not know the reason or understand the urgency for these steps, they may simply see them as a hassle and an intrusion and seek ways to work around them. Clients may even find them annoying and look for a less safety-conscious accounting firm unless you make it clear to them that your extra steps are actually in their best interests. 

Engage a third-party auditor to check for vulnerabilities in your system and do penetration testing to assess your exposure to hackers. 

Products and services that provide data support

Of course, accountants are experts in accounting, not security, so there is a wide variety of products and services available to help you. Some are better than others, so look for resources that address multiple aspects of security and use up-to-date principles and technology. 

For instance, an older form of security included one-step or two-step verification and a safe-perimeter model in which once you were verified, you had access to whatever was inside the network. However, more robust services require multi-step verification and limit access to content to specifically designated persons. 

An example of a robust protection service is the Verifyle Pro™ platform. This service uses six-key encryption technology that protects each individual document or conversation. Workspaces can be set up for projects, activities, or initiatives in which the host invites guests and gives the guests access to only the documents the guest needs to see. Documents are easily loaded to Verifyle, which can be used simply as a safe, encrypted storage space for your sensitive documents, so they are protected at rest as well as in use. Verifyle also has a safe and secure app for clients to communicate with you in a safe, encrypted environment while on the go. On the app, they can share documents with you and sign necessary documents safely. 

By using products or services such as Verifyle Pro™ or other high-security platforms, implementing policies and procedures for physical space and physical files, and educating employees and clients, you will protect your clients’ data, reputation, and financial future from thieves and thugs.