Simple Strategies Help Protect Clients’ Data
The IRS recommends that CPAs review all aspects of their data strategies, including administrative practices, building protection, computer security, staff, and information systems. Implementing even a few relatively simple strategies will help ensure better data protection for your firm.
Identify Your Cyber Assets
The path to a more secure firm starts with creating a simple document detailing your practice’s information technology (IT) assets. List all of the technology that you use at your firm to the best of your knowledge, including:
- Networking infrastructure
- Systems and other hardware
- Applications and data
- Users
Strengthen Passwords
Office security, from your network to personal computers, hinges on password strength. Enhance protection by using a password manager, which secures all passwords under one master passphrase. A passphrase is basically a stronger, more complicated password. Strong passphrases have the following characteristics:
- Contain both upper and lowercase letters
- Have digits and punctuation symbols as well as letters
- Contain at least 12 letters, numbers, or symbols
- Are not a word in any language, slang, dialect, or jargon
- Are not based on any personal information
Ensure Data Security and PCI Compliance
Every business that accepts credit or debit card payments must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). To become compliant, businesses must complete a self-assessment questionnaire (SAQ) on an annual basis. SAQs are based on the six standard groups outlined by the PCI DSS (and their sub-requirements), which are:
- Build and maintain a secure network: Ensure that your systems have firewalls in place and are regularly updated.
- Protect cardholder data no matter what: The best online payment solutions will store and protect sensitive cardholder data for you.
- Maintain a vulnerability management program: This simply means using antivirus and anti-malware software and keeping it up to date.
- Implement strong access-control measures: Limit access to sensitive cardholder data to only those who need it for business purposes.
- Regularly monitor and test networks: Document who can access what and make sure these practices are working correctly.
- Maintain an information security policy: Draft a security policy that outlines how your business uses technology and handles sensitive data.
Establish a Reputation Clients Can Trust
For more tips on how to increase your firm’s security, check out CPACharge’s comprehensive guide, Cybersecurity: Best Practices for Accounting Firms.
As a COCPA Platinum Partner, CPACharge offers end-to-end encryption, tokenization, and multi-factor authentication to protect client data.