

It is a common misconception that only large companies are targeted by cyber criminals. Unfortunately, it is most often smaller companies with weaker cyber security protocols that are targeted. 44% of small businesses reported being a victim of a cyber-attack within the last year. Small CPA firms are targeted even more frequently than most because cyber criminals know they have copious amounts of client data and personal information.

Hackers have used social engineering and malicious tactics such as forged email, malicious advertising and ransom extortion to gain access to their data. As companies record more claims, the risks and exposures keep coming.

No organization is immune from the loss of confidential and sensitive data. While businesses are aware of the potential threats, they are not necessarily equipped to respond effectively. Do you have the protocols in place to safeguard your small CPA firm?

Protexure has compiled a list of best practices that every successful cyber security policy must have.

 
1. Assess your risk and potential weaknesses

Performing a risk assessment is critical before creating any policies or procedures. Your organization must know all of its possible risk factors and where to look for possible threats before it can combat them. Complete an objective review of possible threats to serve as a foundation for developing an effective data security and response strategy.

 
2. Conduct security training for all employees

Your employees are on the front line when it comes to protecting your firm’s documents and data. It is important to educate them on the basics of online security. Make sure they understand the fundamentals of identifying cyber risk and preventing it. Additionally, verify they have a full understanding of the protocols in place to protect the firm. They should be frequently updated on the latest threats and how to guard against them.

 
3. Create strong passwords and change them frequently

A strong password should contain at least 8 characters, capital letters, numbers and special characters. You should never use personal information as your password. Additionally, try to avoid using simple words; use acronyms instead. These tips will make it much more difficult for password cracking programs to guess your password. Be sure to follow these guidelines every 60-90 days when it is time to change your passwords.

Most importantly, do not repeat passwords. As hard as it might be to remember, using the same or similar passwords for multiple accounts can compound what might have been a manageable problem if someone gains access to one of your accounts.

 
4. Establish written policies for the transfer of funds

When someone internally or externally asks to transfer funds, call the person to confirm the transaction before funds are transferred. Require that any transfer of funds is approved by two pre-identified individuals within your organization. Tier sign-off authority for transfers over a certain threshold. Make sure you have a pre-identified officer or someone of an appropriate rank approving any large or unusual transfers.

5. Choose the right firewall protection for your business

A firewall is a barrier that controls what comes into your computer from the outside and vice versa. In other words, a firewall's primary job is to prevent access to a private network (your computer or office network).

In addition to finding firewall protection and a price that is right for you and your firm, you must also consider your firm's needs when it comes to size, security level and support needed to protect your small CPA firm.

To learn more about choosing the right firewall protection, check out this resource.

 

6. Develop a data breach response plan

What happens when there is a breach in your online security? Having a plan when you find a breach is essential to good security, even if it is just a matter of knowing who to call.

7. Purchase cyber insurance and regularly evaluate your coverage

Small CPA firms and solo practitioners are as vulnerable to security threats and unauthorized breaches of data as their larger, publicly-traded counterparts. Any private or confidential information that is disclosed or misused in the performance of professional services can be in violation of privacy regulation. Data breaches and potential cyber threats are here to stay. Accountants Cyber insurance protects small CPA firms from liability and expenses caused by a data or security breach.