Best Practices for Protecting Your LA CPA Firm's Data

Craig Pollack | Jan 20, 2015

As a trusted advisor, safeguarding financial data on behalf of your clients should be an overriding concern as it requires taking on a great deal of risk.

The most effective starting point for protecting your CPA firm’s data is not only to establish policies to prevent data loss, but also to implement the right systems and applications.

Understanding that data breaches can occur because of external threats as well as the actions of your employees is an important step toward protecting the information you are entrusted to secure.

Here are some additional strategies your firm should implement to protect your data, reputation, and ultimately your business.

Establish Firm-Wide Policies for Physical and Electronic Data Protection

Whether your accounting firm has five employees or five hundred, communicating standards of data protection is vital. Providing employees with information governance policies upon hire and enforcing these policies on a regular basis is an industry standard best practice.

Policies should include:

  • How and where to store physical records, including paper, USB drives, and other media
  • Rules on usage of firm laptops, mobile devices, and Internet usage on these devices
  • Ensuring only privileged employees can access client files
  • Establishment and communication of a file retention schedule, based on industry standards
  • Enforcing the use of anti-virus software, and only approved file share drives, either local or in the Cloud

Implement Tools to Govern Possession of Client Files

With all of your documents in a central document management system - including tax returns, client correspondence, employee records and email messages - you’ll be able to help your clients in record time.

Instead of simply emailing documents back and forth to clients, sharing documents securely ensures only the bookkeepers, administrative staff, or CPAs in your firm who need to work with certain client files get access to them. Your clients and your employees are likely comfortable using cloud storage systems to retain and share information.

The following are some industry leading solutions:

Educating Your Staff on GAPP as Well as GAAP

Your accounting firm applies Generally Accepted Accounting Practices all the time. Educating your team about Generally Accepted Privacy Principles is equally important to enforce. Make sure your employees are aware of data protection principles established by the American Institute of CPAs such as:

  • Limiting the use of wireless Internet to only within the office, and ensuring your Wi-Fi network is protected with password encryption
  • Sharing client information with third parties only as required to conduct business and only after receiving client consent
  • Regulating standards on passwords, anti-virus, firewalls, and anti-malware on any device which has access to client data
  • Ensuring credit card information is handled in accordance with Payment Card Industry security and privacy standards (PCI Compliance)
  • Securing physical client records offsite if possible, or in a locked area of your office where visitors don’t have access

Perform Recurring Security Audits

Consider performing a Security Audit on your technology on a yearly basis. Beyond just a simple penetration test, a Security Audit will look at all aspects of your systems to ensure that not only are your systems secure, but your processes and people are secure as well. This will go a long way to mitigate your risk as well as protect your reputation by showing that you truly are doing all you can to secure your and your clients’ information. For more information, check out our Security Assessment page.

Establishing and enforcing best practices in data governance can mitigate your firm’s exposure to risk, legal action, and damage to your reputation as a professional services firm. By following these guidelines and others recommended by the AICPA, you will retain the trust of your clients, employees, and regulatory agencies.


Has your LA CPA firm established policies to prevent data loss and implemented the right systems to prevent data breaches? Please share your thoughts in the section for Comments below.


And to follow through on the tips introduced in this short article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.




Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.