Why Vulnerability Management Is Important for CPAs

Author: Craig Pollack Date: Sep 20, 2018 Topics: _CPA and Accountant Blogs, IT Services, Cybersecurity

Vulnerability management is a critical, yet often overlooked, component of a Los Angeles certified public accountant’s (CPA’s) security posture. Protecting their clients’ sensitive personally identifiable information (PII) and financial data is a must for CPAs — and requires a strong network security defense. As such, vulnerability management is important because it helps to keep the focus of organizations on information security.

In a nutshell, vulnerability management is the process that helps to identify and evaluate the risks of IT vulnerabilities. A vulnerability is defined by the International Organization for Standardization (ISO) and the International Electrotechnical Commission’s (IEC’s) international standard ISO 27000:2018 as “weakness of an asset or group of assets that can be exploited by one or more threats.”

Frequently, the term vulnerability management is misunderstood to share the same meaning as vulnerability scanning or vulnerability testing. However, these two processes, while related, are not synonymous. Vulnerability scanning is the use of a computer program to identify vulnerabilities, whereas vulnerability management concerns the things that surround the security vulnerability management process, such as risk acceptance and remediation.

Network vulnerability management’s importance can’t be overemphasized.

The Importance of Vulnerability Management

Continuous Assessment of Network Using Vulnerability Testing

Just as you would keep your house or office door locked, security assessments that include vulnerability testing by knowledgeable and experienced IT security specialists, such as the team at FPA, can mean the difference between a successful, productive year and catastrophic failure due to data breaches, theft, or loss.

A certified information security services provider (CISSP) can assess and evaluate your network to find any vulnerabilities or gaps in your cyber defenses using vulnerability testing or (vulnerability scanning). They then can provide remediation guidance for addressing these concerns on your servers, devices, computers, and other network access points and then conduct additional penetration testing to test whether the gaps can be exploited so you can head off exposure.

Effective continuous assessment revolves around the vulnerability management lifecycle. This lifecycle consists of discovering vulnerabilities, prioritizing assets to address, making assessments, reporting, remediating, and verifying that gaps in security have been addressed.

Why Vulnerability Management Is Important to Your Firm’s Reputation

A thorough and appropriately-scoped security assessment with vulnerability testing helps you to:

  1. Protect your firm’s reputation by doing everything possible to protect client data;
  2. Demonstrate your vulnerability management diligence by being able to provide documentation that you’ve done everything within your power to protect your network; and
  3. Develop critical and profitable relationships with a reliable IT security service provider can help you create added value for your clients by increasing your knowledge of Payment Card Industry Data Security Standard (PCI DSS) compliance and collaborating on IT security policy preparation.

Vulnerability Management Helps You Maintain Industry Compliance

Without a vulnerability management process in place, your firm may inadvertently neglect to take the necessary actions to protect your technology and data from attack. Furthermore, without following through with security vulnerability management processes, you may find your firm out of compliance with vital regulatory bodies such as the U.S. Security and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), PCI DSS, and the European Union’s General Data Protection Regulation (GDPR) for firms that work with customers that reside in the EU.

To learn more about vulnerability management, industry compliance, and other critical information for certified public accountants, be sure to check out our CPA resource center by clicking on the link below.

What vulnerability management process does your firm have in place to ensure that your clients’ data and your CPA firm’s reputation are protected? Be sure to share your thoughts and experiences in the comments section below or send me an email to continue this conversation more in depth.

CPAs & Accountants Resource Center


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.