Why CPAs in LA Must Prioritize Network Penetration Testing

Author: Craig Pollack Date: Apr 14, 2015 Topics: _CPA and Accountant Blogs

Why CPAs in LA Must Prioritize Network Penetration TestingWith vulnerability assessments, an expert explores a network, website, or application, and locates a certain amount of potential exposures based on a set of goals. You take some pictures, report back on what you saw, and life goes on.

Network penetration testing, or a “ethical hacking” as it’s often called, is performed by an expert who is contracted to leverage their skills to demonstrate and simulate how a “black hat” hacker could evade your security measures, find a vulnerability, and wreak havoc on your systems.

Some of the most talented “white hat” penetration testers are former “black hat” hackers. Like a reformed thief, these network penetration testing experts can provide realistic perspectives on how a hacker might exploit a security gap in your network, and how to plug the gap.

Testing Strategies

Some of the strategies white hat hackers use are:

  • Taking a list of known vulnerabilities and/or malware techniques and seeing if there is evidence that they exist on your network.
  • Investigating to see if a recent software installation might have been executed to leave backdoors to your network to open up purpose-built vulnerabilities. The Heartbleed bug leveraged this sort of malware strategy.
  • Methods established within the Standards for Information Systems Auditing.

Implementing Recommendations

Penetration testing should not be considered a “once and done” process. You should have a test done by a professional, review the results of those tests, apply as many of the remediation recommendations as possible, and implement applications which can consistently scan your vulnerabilities and report them.

Regulatory compliance standards for Payment Card Industry (PCI) requirements or Health Insurance Portability and Accountability Act require regular penetration testing and/or vulnerability tests.

The fact that credit card companies and healthcare institutions place such high priority on these tests speaks volumes for the fact that accounting firms should also have penetration testing done to make sure the right safeguards are in place to protect the sensitive client data on your servers, laptops, and other devices.

Some other reasons you might want to have network penetration testing done, besides never having had one before:

  • You have just been hacked and you want to be sure you are prepared next time. You also want to have evidence for potential and existing clients that you are doing your due diligence to mitigate future risk.
  • Other local businesses in Los Angeles have been recently targeted by hackers.
  • You have decided to merge with another firm, and you want to test the other firm’s network before creating connections between the Local Area Networks to prevent any malicious bots or viruses from harming your systems.

Bottom Line

Regardless of the motivation for your network penetration testing, understand hackers are highly motivated to access financial and corporate data in general, and an accounting firm in LA can represent a lucrative opportunity to steal potentially damaging or incriminating data.

Proactively contract expert penetration testing as a proactive measure, instead of waiting for black hat hackers to find your security gaps.


Have you had network penetration testing done for your Los Angeles accounting firm? Were you able to increase your security protocols based on the findings? Please share your thoughts in the section for Comments below.


And to follow-through on the tips introduced in this short article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.


New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.