Why Data Leakage Should Matter to Los Angeles CPAs

Craig Pollack | Jun 26, 2015

Why Data Leakage Should Matter to Los Angeles CPAsData leakage is the unauthorized transfer of information from a computer to outside of your Los Angeles CPA firm.

As an accounting professional, information (or your client data) is the center of your world. Making sure your physical and electronic information repositories are secure is of utmost important to your success.

Whether you store your paper and electronic files onsite, offsite or in the cloud, you want to be sure the records you are entrusted with are available, reliable and secure.

With all of this in mind, here are four tips on how to prevent the unauthorized transfer of your data or data leakage.

1. Implement a Permissions-Based Data Management System

If you make all client data available to all employees, you increase the risk of information being lost or “accidentally” sent outside of your firm inappropriately. Statistics show, most data loss is not the result of an outside hacker, but instead, through the illegal or careless management of information by an internal employee.

Limiting client data to only employees who require it as a part of their job minimizes your exposure. The employee knows they will likely be held responsible for loss of specific records. However, the “ethical wall” will limit the amount of intellectual capital they can access.

2. Consider Encryption of Data in Motion

In most Los Angeles CPA firms, information is constantly being retrieved, shared internally, sent into the business and pushed back out again. Seek out ways to:

Ensure you have clear communication with your employees on the sort of data which can be shared externally and the approved file storage applications for client data. Be vigilant about removing access to client records when an employee leaves your firm voluntarily or due to termination.

3. Secure Data at Rest

Ensure the encryption of client information that is stored on

  • Laptop computers
  • USB drives
  • Mobile devices
  • Internal databases
  • File share drives and applications
  • Employee home desktop computers 

All of these scenarios can lead to data leakage. Beefing up your security through adopting these safeguards can save your company from losing valuable data: 

  • Endpoint security applications
  • Host encryption
  • Mobile device encryption
  • Network/Internet storage systems that are enforced as the go-to data repository for all corporate files
  • Physical media control
  • Physical and electronic disposal, deletion, and destruction policies and schedules
  • Web content filtering for governance of website access
  • Conduct regular vulnerability management scans and penetration tests of your network

4. Acceptable Use Policy

Beyond technology systems to protect your firm, employees should commit to an Acceptable Use Policy. Here you can outline how corporate computers should and should not be used. Include a section on creating device passwords and regularly scheduling password changes. You can add a section on mobile devices, whether firm owned or personal, and discuss proper use. 

Social media should be a large part of your Acceptable Use Policy. Describe the professional manner in which the firm expects employees to behave. This section should cover authoring, commenting, and sharing blog posts as well. 

And finally talk about restrictions on removing portable media and any hardcopy records from the office.  

Bottom Line

Technology can assist in preventing a great deal of data leakage. However, employees and executives must commit to practices that protect information from being sent out voluntarily. The Online Trust Alliance, a non-profit organization that helps businesses to establish information risk management and governance best practices, said that ninety percent of the incidents of data loss which took place in 2014 were preventable.

Los Angeles CPA firms need to take a proactive, hands-on approach to preventing loss of sensitive client and corporate data.


Have you discovered a strategy that is particularly helpful in stopping data leakage from your Los Angeles CPA firm? Tell us about it in the Comments section below.


And to follow up on the tips introduced in this article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.


New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.