
3 Security Vulnerabilities Every Accounting Firm Must Address

Mar 9th 2018

Over the past year we saw a record-breaking high of 1,579 data breaches. As a result, accounting firm leaders around the world have security vulnerabilities first on their agenda.

But when practices across the globe collect and store both firm and client data, how can you be sure your organization won’t be next? In short, protecting against a data breach requires a significant amount of planning and resources. If you don’t know where to begin, we suggest that you first understand the top three security vulnerabilities that every accounting firm innately has:

1. Sensitive data is a target for hackers and malware

In 2017, we saw an almost 300% growth in global ransomware: malicious software that takes control of your computer until you “ransom” your data back from the hacker, and that targets the technology infrastructure of businesses of any size. Between attacks on Equifax (145 million people), Uber (57 million people), WannaCry (300,000 systems around the world) and Yahoo (3 billion accounts), it’s clear the threat of hackers and malware on sensitive data is only growing.

To avoid being the next victim, it’s critical that organizations stay on top of all operating system patches, including patches on software or apps that store data, like Google Chrome. We also encourage organizations to utilize endpoint antivirus applications that have the ability to communicate with edge network devices (firewalls/network). This will limit the inconsistency in the security of different devices and make it more difficult for hackers to find a vulnerability.

2. Employees are your main threat

No business wants to consider that its employees could be a source of security vulnerability, but it’s true. In 2016, 77% of data breaches involved an insider, which means even the most careful allocation of access and permissions can be compromised through employee negligence and sabotage.

Another complication is the increase in bring-your-own-device (BYOD) environments. Seventy-four percent of organizations either use or are adopting BYOD policies, which introduce a loss of control, standardization and compliance, and create a more complex security environment for your IT partner to manage.

*Introducing BYOD to your firm? Resource: Avoid These Common BYOD Policy Mistakes

Minimizing this risk requires a unique security strategy that aligns with your long-term business goals. Consider restricting the types of apps allowed on employee devices or getting consent to use Mobile Device Management (MDM) software, and educate your employees on security best practices with thorough onboarding and training.

3. Your organization hasn’t had a full risk assessment

The final threat to your accounting firm’s security is that most accounting firms don’t have a clear picture of the vulnerabilities that present the largest security threats to their organization. Fewer than 40% of organizations have conducted full-network active vulnerability scans more than once per quarter – a sure sign that the first step in addressing these vulnerabilities and building an overall IT strategy is to perform a full risk assessment.

In a risk assessment, you’ll receive a detailed report answering questions such as:

  • Asset list of all internal/locally stored data
  • Asset list with locations of all cloud based data storage for both firm and clients
  • Value of data sources
  • Redundancy of both local and cloud based storage/software systems
  • Update policies of both local and cloud based storage/software systems
  • What would happen if either data source were damaged or lost?
  • What are our system’s most significant threats and vulnerabilities?
  • What’s the best way to minimize exposure to these threats and vulnerabilities?
  • Resolution plan should a breach occur

Final Thoughts

Securing your firm’s and your clients’ data is not something that can be completed with one action or one decision; it’s an ongoing process that must be reviewed and updated regularly. This is why it’s so important that accounting firms take a comprehensive approach to designing and implementing an IT strategy that takes these changes into account and starts with a comprehensive risk assessment.

In short, the next time you read about an enormous security breach in the news, you’ll rest easy knowing you’ve taken every precaution to protect your organization from these common vulnerabilities.

We're proud to present the Technology Strategy series in association with AbacusNext, who share our commitment to helping firms adjust to the digital world as safely as possible. AbacusNext provides a suite of best-of-breed services to accountants including OfficeTools Practice Management, Results CRM, and Abacus Private Cloud.


Replies (2)


By CPAwithData
Mar 10th 2018 01:11 EST

#1 Security Vulnerability: Using AbacusNext or Cloud9 for hosting your data. If you're reading this, do yourself a favor and stay far, far away from AbacusNext or Cloud9.

There was a massive ransomware hack that somehow spread across their systems, which means they were not using secure procedures. And now this company is all over the internet pretending to be the top dog in cloud security when in reality many, many users were affected. The company response was horrible and now they are scrubbing bad reviews of their company from the internet (I'm still not sure how they are managing to do that).

Here's an article which is nicer than they should be about the hack:

To add insult to injury, AbacusNext has sued clients, charged credit cards even when cancellations were made within terms, and for those who wanted to leave for another provider Abacus would not release customers from their contracts.

By AdrianLawrence
Mar 29th 2018 08:13 EDT

I have been trialing PGP encryption. What is great about it is that it scrambles text so it is unreadable to the passing user. Of course, a Government dept can no doubt get the keys to decrypt, but it is very secure otherwise.
