7 Data Encryption Best Practices for LA CPAs

Henry Ngo | Jun 01, 2015

According to the Electronic Frontier Foundation (EFF), in a definition popularized by Wikipedia, data encryption is encoding information so that only authorized parties can read that information.

While it’s fairly simple in concept, many CPAs in LA are asleep at the wheel when it comes to data encryption and protecting their digital assets.

10 or 20 years ago, this oversight may have been considered no big deal. Today, however, a lackadaisical attitude about data security, or being in denial that a breach could happen to you and your team, could threaten the very survival of your accounting practice.

How to Avoid Becoming a Statistic

A recent survey from IDG Research, working in conjunction with mobile software developer Lookout, found that 44% of smartphones were stolen when their owners left them behind in a public setting. And 14% of devices were stolen from a home or car that was burglarized.

So if anyone from your accounting firm ever goes to places like restaurants, nightclubs, grocery stores, gyms, or even gas stations, you and your staff could easily become a statistic. And no matter how careful you are, there are times when the devices get left behind at home or in cars.

While Consumer Reports found that 36% of smartphone users set a 4-digit PIN to lock their screens, only 7% used security features besides a screen lock, such as data encryption software.

And while many of the headline-grabbing stories focus on smartphones, as compared to other mobile devices, a quick Google search of something like “laptop theft statistics” and the mere existence of a Wikipedia page on “Laptop theft” will cause many CPAs in LA to sleep a little less peacefully.

Why Data Encryption Matters to Your CPA Firm

Data encryption is a subject you need to learn more about—especially if your firm lets employees use laptops, tablets, and smartphones for internal work and client work. These electronic devices are easily lost or stolen. When that happens, all of the data on the devices is at risk—including any client data that they may contain.

So while an unlocked iPhone 6 that’s stolen may set you back $649 to $849 to replace, it’s the data stored on that device, potentially tens of millions of dollars’ worth of intellectual property, or more – and what that data leads to – that will make the cost of the hardware itself seem like mere pocket-change.

And the sad reality is that less than 10% of smartphone users even consider the need for encrypting the data on the device – more than likely believing that a 4-digit PIN to lock the screen would provide adequate protection.

As much as mobile, search, social, and cloud are massive disruptors in today’s digital economy, protecting against data theft still comes down to human nature: Like a deadbolt lock on a door only protecting you against honest people, the basic screen lock that’s still only used by the minority of smartphone users will do very little to slow down the professional IT thief.

While employee negligence is only one of several risks, losing sensitive data can be costly for your LA CPA firm.

Losses of clients, liability from fines and litigation, and damage to your firm’s reputation are just some of the severe consequences that your firm can face when data is lost or stolen.

Data encryption is critical to protecting sensitive data. When implemented correctly, it prevents hackers or thieves from benefiting from lost or stolen data—no matter how they came by it.

How CPAs in LA Can Better Protect Invaluable Data

Consider these seven best practices to help your accounting firm better safeguard its own data and its client data:

  1. Institute policy first — Good policies, combined with the right technologies, dramatically boost data security. But before creating any policies, make sure you understand your compliance needs. Include all relevant stakeholders when planning policy and put your policies in writing.
  2. Use whole disk encryption – Laptops will remain the staple of most CPA firms in LA for a long time to come, and laptops with unencrypted hard drives are an accident waiting to happen. Simple software utility programs like Symantec Endpoint Encryption (powered by PGP Technology) can mitigate most of the risk at a cost that’s well within the reach of even the smallest accounting firms in Los Angeles.
  3. Encrypt emails – While hard drive encryption is a good initial step, you also may need to protect information sent through email because there are so many ways for data to be compromised while in transit.
  4. Encrypt smartphones and tablets – Many newer smartphones and tablets, like those based on Android 5, have native features built into the operating system for data encryption.
  5. Consider the risks of BYOD and benefits of MDM – As IT has become more consumerized, many accounting professionals spend a lot of their work days on mobile devices that are owned by the employee, rather than the CPA firm. While BYOD (bring your own device) provides for a much more agile workforce, it also introduces its own risks – both while the data sits on the device and while the data is in transit. And in an increasingly cloud-centric world, data is always in transit. While most tech-savvy accountants have long known to look for https:// and the lock icon in the address bar of web browsers like Chrome and Firefox, SSL (secure sockets layer) can be a lot more difficult to stay on top of with mobile apps and mobile web browsers. One of the more efficient and consistent ways to deploy best practices is through a mobile device management (MDM) solution.
  6. Choose the right technology — Advanced Encryption Standard (AES) with 256-bit key length is considered the gold standard. Employ this key bit length whenever you can. Good key management is critical to effective encryption. Your security is only as good as its supporting technology.
  7. Integrate malware protection — Laptops that aren't lost or stolen are still at risk for data loss. Cybercriminals can steal data from laptops without the user's knowledge. So integrate malware protection and keep it updated. Savvy CPA firms have their malware protection software updated automatically, without the need for end-user intervention.

The Bottom Line

If your accounting firm lets employees use laptops, smartphones, or tablets at work, you need to know more about data encryption. If an employee’s device is lost or stolen, the data on it is at risk of falling into the wrong hands.

You’re responsible for the data on those devices—no matter what happened. You need to protect your firm’s and your clients’ sensitive information.

By following best practices like the ones introduced in this post, your LA CPA firm can go a long way towards reducing the risks and fallout from a data security breach.


What have been your experiences with data encryption? How effective has it been? Let us know your thoughts in the Comments box below.


And to follow through on the tips introduced in this article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.



Henry Ngo

In addition to his day-to-day NOC duties, as one of FPA's bloggers, Henry develops value-based blog content, sharing his technical expertise with our clients and friends. Henry addresses topical issues in real and meaningful ways, communicating technical concepts in an easily digestible way.