How LA Accountants Can Improve Security for Mobile Devices

Craig Pollack | Jan 26, 2015

How-LA-Accountants-Can-Improve-Security-for-Mobile-DevicesAccessing client data on mobile devices is becoming second nature to professionals in many industries. In most cases, we take for granted we won’t lose our phone, or have our data compromised in a coffee shop or airport.

The subject of security for mobile devices was brought to the headlines recently when several celebrities had compromising photos stolen from their devices. Here are some considerations on how to protect your Los Angeles accounting firm from data loss exposure on mobile devices.


Enforce Standard Builds and Encryption Apps

You may have conceded through pressure to allow employees to choose their own devices for accessing firm data. Whether your employees are carrying phones or tablets on iOS, Android, Windows or Blackberry platforms, enforcing common mobile encryption apps should be mandated.

Accounting firms should consider the exposure of the data at rest on these devices, including client contact information, financial data, and messaging applications including email. Firms should also have employees use mobile VPN apps when they are accessing the firm’s data.

There a number of security software vendors that go beyond encryption applications and offer client’s solutions for “bricking” a mobile device via SMS should a device be stolen. All data on the phone will be locked down and the device can be rendered useless.

Limit Mobile Device Access

There is nothing wrong with restricting mobile access to those who absolutely can’t do their job without it. Senior management and other customer facing executives might be the only employees who require it. Laptops, tablets, phones, and other mobile devices can easily be left on a subway, airplane, or taxi and expose your firm and your clients to a great deal of liability which is completely avoidable. Enforcing advanced password management and use of two-factor authentication for mobile devices should be mandatory for any firm.

Establish Policies for Mobile Security

The reputation Blackberry has for security is well documented. In some cases, their devices have not fared well relative to iOS devices or Android. Your firm should not apologize for setting policies on mobile devices to be able to protect valuable client data.

Considerations for company-wide acceptable use policies should include:

  • Only using mobile devices for the purposes of carrying on firm business or limiting access to client data when in a secure area
  • Usage of advanced passwords, VPN apps, and Mobile anti-virus applications on company devices
  • Limit transmission of client related data via SMS or related instant messaging applications like SnapChat or Google Hangouts
  • Requirement for employees to have a separate personal mobile device which will not be provisioned to access firm or client data
  • Usage of mobile applications for systems like QuickBooks Online, Sage50, or their browser equivalents to office/home/secured Wi-Fi environments
  • Standardize your firm on a single, business appropriate file sharing application such as Box, then provide permissions on a per user basis to those who work with specific client files
  • Implement mobile device management technology  

Many accounting firms yield to employee pressure on the usage of mobile devices as a business tool. When accessing data which carries as much risk and potential for liability as accounting firm data, you have to hold firm on company policies and enforce them visibly in your organization. A single lost device, hacked tablet in a café, or stolen smartphone can cause irreparable damage to your firm’s reputation, your client trust, as well as seriously impactful data loss.


Do you have policies on security for mobile devices in place? Please share your thoughts in the Comments section below.


And to follow-through on the tips introduced in this short article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.


New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.