

Keeping Accounting Firms Secure – 5 Key Considerations of a Cybersecurity Plan

Written By Laurence Whittam

Cyber threats are evolving all the time, and so should the cybersecurity posture of your accounting firm. With data becoming the primary currency, it should come as no surprise that hackers want to get at your firm's financial data. Between 2014 and 2020, data breaches in CPA firms increased by more than 80%. From a ransomware perspective, the general ransom range for small firms has been $100,000, and for large firms, this figure generally hovers around $2.6 million.

These statistics highlight the need for accounting firms to start getting serious about cybersecurity. A comprehensive security action plan is driven by the implementation of strict cybersecurity controls. However, the security deployment shouldn’t happen in an ad-hoc manner. Improving your cybersecurity posture should be well-planned.

Here are a few primary considerations for your firm if it wants to protect its network and endpoints from cyberattacks:

1. Security Awareness Amongst Employees

Your cybersecurity is only as strong as the security awareness of your in-house staff and your remote employees. People are the weakest link in cybersecurity, and human error is right at the top of the list of causes of data breaches. Your accounting firm needs to take its team through its security paces. Team members must know about the cyber threats that your firm can face and how they might be targeted. They must be trained on the various types of phishing attacks that might land in their inboxes and on how to identify such emails.

Also, if there are specific access control protocols in place, employees must be trained to follow them. They must also be made well aware of the consequences of their actions, whether intentional or unintentional, and of the havoc those actions can cause.

2. The Client Angle

You might choose to deploy the most expensive and comprehensive security solutions that will help address the sophisticated threats your firm will face. However, what about your clients? Since you are going to collaborate closely with your clients on various accounting tasks, including sharing critical financial information through integrated systems, you need to be sure about the security posture of your clients.

An attacker can exploit a security vulnerability at the client’s end to infiltrate your firm’s network. While evaluating clients and their requirements, make sure they are compliant with the necessary data security regulations, whether SOC 2, Cyber Essentials or any other.

Pro tip: If you think their security isn’t up to par and you can identify weaknesses, that is a great opportunity to bring in a strategic partner. Point them to your trusted IT or cybersecurity partner, which will not only help your client but also help build a referral relationship with your provider.

3. Attack Surface

Accounting firms need to reduce their attack surface. The attack surface is the number of ways a cybercriminal can gain unauthorized access to a device or network. Such access exposes sensitive data, which is then either sold on the Dark Web or held for ransom.

Therefore, your firm and its security partners must identify the potential ingress points on the network and any other vulnerabilities that could be exploited. The pandemic has meant more firms are working remotely and leveraging cloud applications to get work done. This has increased the attack surface. Also, employees who were protected by the firm’s network security cover are now working from home. In this case, the laptops or home computers used by the employees become part of the attack surface. Firms will therefore need to extend their security to remote employees.

The plan must include a strategy to ensure that employees and their work devices are protected from data breaches, irrespective of their location.

4. Plan Third-Party Security Audits

Your firm doesn’t exist in a silo. It works with several third-party vendors, which offer a variety of services. Some of the most prominent organizations globally have suffered data breaches because of breaches at their third-party vendors. The answer lies in not taking the IT security of third-party vendors for granted. Your cybersecurity plan of action must also include conducting third-party audits to learn what security measures are in place and evaluating their efficacy through penetration testing. This way, you can be sure that these vendors are not opening up vulnerabilities in your network.

5. Always Plan for the ‘What If’ Scenario

You might have the best cybersecurity infrastructure in the world, but that doesn’t guarantee that your accounting firm won’t suffer a breach. What do you do if your accounting firm suffers a data breach? Do you have a data backup infrastructure in place? If not, you should invest in it. If a malware attack impacts business continuity, you need a business continuity plan that ensures the firm’s productivity doesn’t suffer. Do you have cyber insurance? If not, start the process now, as it is getting increasingly difficult to qualify for and more expensive.

Once you focus on these considerations, find a cybersecurity expert you trust to assess your network and make improvements. Make sure their contact information is always accessible and TEST your “What If” scenarios.

The objective is to build a meaningful and all-encompassing cybersecurity plan that ticks all the boxes.


ABOUT Laurence Whittam

Laurence has more than six years of experience in the accounting industry, with a core focus on helping accounting firms optimize their revenue potential. He has helped hundreds of CPAs and Accounting Firms ranging from Solo to the Top 100s to identify their pain points and strategize and implement an action plan to address these issues and drive business growth.

Originally published Sep 27, 2021 11:09:57, updated September 27 2021
