As a business owner, I understand the challenges and costs associated with running a successful business. However, as an IT security expert with more than 25 years of experience, I also know the importance of not cutting corners when it comes to protecting said business. This is an issue faced by many accounting firms who come to FPA for help: They have a limited budget and don’t want to incur significant additional costs, but they also want to do a better job of protecting their clients’ personal information and valuable data. What do they do?
I’m happy to tell you the same thing that I tell all of my accounting firm clients: An efficient cybersecurity defense strategy doesn’t have to mean a big expense. There are several cost-effective ways for Los Angeles certified public accountants (CPAs) to improve their firms’ cybersecurity stance and protect their CPA technology.
I’ve put together a list of some ways that your firm can stand tough against cybercrime with cost-effective IT security solutions:
Secure Your Network
There is no way to prevent 100% of all cyber attacks. This means that cybersecurity efforts focus on reducing the likelihood that your firm will experience a security breach. Protecting your network is fundamental to a strong cybersecurity strategy and defense. This can be done through multiple avenues, including the use of technology, system monitoring, and implementing sensible policies.
Limit Access to Authorized Users
No matter what some of your employees may say, not everyone needs open access to all areas of your network. Setting limitations to only a handful of individuals who actually need access is important to the overall health of your business and the safety of your data.
Your IT security services team (or managed IT service provider) can set limitations and monitor who tries to access what systems.
Implement a Multi-layered Security Approach
Having strong and reliable firewall and antivirus protections in place for your network is cybersecurity 101. However, it should be part of a larger layered cybersecurity approach rather than acting as a standalone defense. A multi-layered approach to cybersecurity involves the integration of software, continuous maintenance, as well as active and passive monitoring. The goal is to deter and slow down cyber criminals during an attack so they can be detected and dealt with before causing theft or damage to your infrastructure and data.
Layered security can include several integral risk mitigation and endpoint protection components, such as:
- Risk assessments;
- Automated alerts and responses;
- A firewall;
- Antivirus software;
- Antimalware software;
- Network monitoring;
- Regular network, server, and device patches and updates; and
- Remediation recommendations and implementations.
Although these things do cost money, it’s still less expensive than the potential damage and losses your firm would face if your data were to become lost, stolen, or destroyed. According to the most recent report from the Identity Theft Resource Center (ITRC), there have already been 273 reported data breaches in 2018 between January 1 and April 1 that have resulted in the exposure of 5,498,547 records.
The 2017 Ponemon Cost of Data Breach Study shows that the average data breach costs businesses $3.62 million, or an average of $141 per record, in 2017. And, since it looks like 2018 is well on its way to being another record-setting year in terms of cybercrime, this means that the number of data breaches — and their accompanying price tags — also may increase.
Complete a Technology Audit and Network Penetration Testing
To make sure you close any gaps in your security, you will need to conduct a technology audit. An audit lets your IT team inventory every device attached to your network so they can identify any gaps or outstanding updates that need to be addressed.
Additionally, network penetration testing is another important IT security solution for CPAs. In this approach, a form of “ethical hacking,” an expert uses the same skills an attacker would to give you the most realistic picture of the gaps in your network, along with recommendations on how to fix them.
Implement Employee Use Policies and Settings
When it comes to protecting your network and data, it’s important to have policies and protocols in place to help promote these efforts. By outlining a computer use policy for your employees, you are able to:
- Provide legal protection for your firm;
- Uphold your firm’s professional environment;
- Help end-users understand your organization’s privacy and ownership rights;
- Inform users about their responsibilities when using your organization’s technology;
- Set expectations that aim to minimize use that can lead to increased risks; and
- Enforce the agreement with your employees.
For example, having a group policy object (GPO) in place can prevent employees from plugging potentially infected USB drives into any of your company’s computers.
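To show what the USB-blocking GPO above amounts to in practice, here is an added PowerShell example (not from the original post or from FPA) that audits whether the “All Removable Storage classes: Deny all access” setting is in effect on a Windows machine and can apply it locally. It assumes the registry path and value name that the Group Policy setting writes; in a domain you would set this through a GPO rather than on each machine.

```powershell
# Added example (not from the original post): audit and, optionally, enforce the
# "All Removable Storage classes: Deny all access" policy that the GPO above applies.
# Assumption: this is the registry location the Group Policy setting writes to.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-RemovableStoragePolicy {
    # Returns an object describing whether removable storage is denied on this host.
    $denyAll = $null
    if (Test-Path $PolicyKey) {
        $denyAll = (Get-ItemProperty -Path $PolicyKey -Name 'Deny_All' `
                    -ErrorAction SilentlyContinue).Deny_All
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DenyAllSet   = ($denyAll -eq 1)   # $true only when the policy is enforced
        RawValue     = $denyAll           # $null when the value has never been set
    }
}

function Set-RemovableStoragePolicy {
    # Sets Deny_All = 1 so USB drives and other removable storage cannot be used.
    # Requires an elevated (Administrator) session; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Deny all removable storage access')) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name 'Deny_All' -PropertyType DWord `
                         -Value 1 -Force | Out-Null
    }
}

# Usage: audit first; only apply if the policy is missing.
$state = Get-RemovableStoragePolicy
$state | Format-List
if (-not $state.DenyAllSet) {
    Write-Warning "Removable storage is not blocked on $($state.ComputerName)."
    Set-RemovableStoragePolicy -WhatIf   # drop -WhatIf to actually enforce
}
```

Devices that are already mounted may keep working until the machine is rebooted, so check the audit output again after a restart.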
Educate Employees about Cybersecurity Threats, Best Practices
Something I wish more clients would ask themselves is this: How can employees actively protect your firm against threats they don’t understand? This is where the importance of providing effective cybersecurity awareness training really comes into play.
Human error is one of the leading causes of data breaches — employees accidentally download malicious content by clicking on links in convincing phishing emails or website advertisements. Or, perhaps they download a file from a corrupt source. Either way, these types of situations spell trouble for businesses of all varieties, including accounting firms.
There is often a significant discrepancy between what professionals and senior management think their employees know and what end users actually know and practice. This may help to explain why few organizations historically have had cybersecurity awareness training programs for their employees. However, this landscape is beginning to change for the better. According to the Security Awareness Training Report by Cybersecurity Ventures, global spending by businesses on employee security awareness training is predicted to reach $10 billion by 2027.
I’m glad to see that more businesses are expected to take cybercrime more seriously. By teaching your employees cybersecurity best practices, you can minimize the threat to your firm since you’ll have more tech-savvy employees who know better than to fall for some of the most common attack methods.
Outsource Your Managed Security Services
Much like an effective in-house IT team, a managed IT security services team from a professional group, like FPA, is designed to help your company detect and prevent security events and intrusions (as well as to recover quickly from such events). However, a big difference is the cost associated with each capability. With an in-house team, you have to hire and pay an array of costs, such as salary, benefits, and continuous training — not to mention the costs of the technology they would need to have licenses for and operate.
With FPA as your managed IT service provider, you’ll receive a dedicated team of IT experts who will monitor your network for threats and keep your systems up to date. You pay a set rate and receive top-tier service that removes the responsibility from your team’s shoulders. At FPA, we focus on IT so you can focus on your business.
Cybersecurity shouldn’t be the last thing you consider when trying to handle the day-to-day functions of your firm. Learn more about FPA’s approach to providing IT security services that businesses in the Los Angeles area have trusted for more than 25 years.
What's your take on the best ways to secure your accounting technology? Are there any cost-effective ways you have improved your firm’s cybercrime prevention methods that you'd like to share? If you have any hints or tips for fellow CPAs, please share them with us in the comments section below or send me an email to discuss this topic more in depth.