How a Security Assessment Benefits Los Angeles CPAs

Craig Pollack | Jul 17, 2015

Security threats are constantly emerging, targeting businesses of all sizes. A security assessment will evaluate your Los Angeles CPA firm’s security posture.

An assessment will provide your firm with:

  • A roadmap to prepare your network to mitigate attacks from hackers, malware, spyware, and Denial of Service (DoS) attacks
  • An understanding of practices and policies that ensure your firm is protected from internal data loss events
  • An understanding of compliance requirements for mandates such as the Payment Card Industry Data Security Standard (PCI DSS) or Sarbanes-Oxley security requirements

There are a number of formats that security assessments can take. Here we’ll look at five of them.

1. Social Engineering Testing

Your employees may unwittingly be exposing your information, or pathways to it, via social media. Taking the pulse of your company’s vulnerability to falling for social media trickery and giving up sensitive information is a critical step towards reducing the risk of your data leaking out via websites like Facebook, LinkedIn, or Twitter.

2. Vulnerability Assessments

A security professional will review your network perimeter and ensure any security gaps are identified and documented. There might be a next-generation firewall, Intrusion Prevention System, or Wireless Virtual Private Network system that can keep the bad guys out of your business.

3. Penetration Testing

Once they’ve identified some of the gaps that exist, an IT Security professional who has experience with penetration testing can do their best to simulate what an “unethical hacker” would do, should they happen to come across your vulnerabilities.

While a penetration test might make you feel exposed or vulnerable, it’s best to have a white hat hacker poking around your network to identify potential gaps. They can tell you where to add “digital mortar” to seal the cracks in your technology infrastructure.

4. Risk Assessments

An annual risk assessment, conducted during your firm’s budgeting cycle, is a good practice. It reviews the controls within your systems, practices, and technology. You will then better understand the likelihood of threats to your internal controls, your ability to absorb the impact of these threat events, and strategies to recover from these threats, as well as resetting controls.

Your business changes from year to year, so analyzing potential events in light of your firm’s current financial and organizational health is a good practice.

5. Security Policy Reviews

You might have your I’s dotted and your T’s crossed with respect to gear, software, and risk tolerance. But if you do not have policies that are understood by your employees and enforced by your management, you can still suffer data leakage from where you least expect it.

As much as fifty-two percent of data loss results from internal employees either knowingly or unwittingly leaking your information. The scary part is that only about one percent of those events take place through malicious intent.

Bottom Line

Los Angeles CPAs have a lot on the line in terms of protecting information from being snagged by the pirates of the data world. A security assessment should be seen as an opportunity, not just a cost to your firm. Identifying security problems before they are exploited can differentiate your business from others who have not.


Have you had a security assessment that opened your eyes to the potential threats that could have harmed your CPA practice? Tell us about it in the Comments section below.


To follow through on the tips introduced in this article, be sure to download our free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.




Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.