It’s tempting to think that cybersecurity is just an information technology (IT) concern, but for accounting professionals – especially those in small to mid-sized firms – cybersecurity is a business-critical issue that can directly impact client trust, operational continuity, and even the future of your firm.

Cybercriminals are no longer just targeting the big guys; nearly half of all breaches affect small and mid-sized businesses. Often lacking in-house IT departments, sometimes without comprehensive security measures in place, and tending to rely on trust and reputation, small and mid-sized firms can be perceived as easier targets. 

With many smaller firms operating with lean teams, sharing log-in credentials, and possibly using outdated systems, you can see why cybercriminals see this space as ripe for exploitation.

In the winter 2025 issue of NewsAccount, Anchor Network Solutions’ Vince Tinnirello shares tips for building a solid cybersecurity foundation amidst a growing threat environment, noting that doing so doesn’t require a massive tech overhaul. In fact, many of the most effective steps are relatively simple and budget friendly.

Security Considerations

Begin by asking, ”If we lost access to our data tomorrow, how long would it take to recover? Would we lose days? Weeks? Could we recover at all?” A strong backup solution is your safety net, but only if it’s isolated from your network and protected against ransomware. Talk to your IT provider about whether your backups are truly secure and how quickly you could get back up and running if needed.

Make sure your systems are being patched regularly. Every time Microsoft releases a security update, they’re giving hackers a roadmap of what to exploit. If your systems aren’t up to date, you’re inviting trouble through the front door.

Take a look at user access. Too often, employees are given administrator rights on their devices, giving bad actors free rein if staff credentials are compromised. Restrict access to only what each person needs to do his or her job, and consider implementing tools that require approval for elevated access when needed.

While multifactor authentication (MFA) can be inconvenient, it’s one of the easiest ways to stop unauthorized access. Whether it’s your email, cloud-based tax software, or remote desktop, MFA should be turned on everywhere it’s available.

Security as an Organizational Culture

Managing cybersecurity is less about achieving perfection and more about creating a culture of caution. In most breaches, human error is the culprit, making regular security-awareness training critically important. Staff should feel empowered — not embarrassed — to ask questions, report suspicious emails, and learn from missteps.

Cybersecurity doesn’t have a finish line. The tools evolve, the threats change, and the bar keeps rising. But with the right foundation and the right mindset, you can protect your practice, your data, and your reputation.

Read Tinnirello’s full article, “Cybersecurity Isn’t a Tech Issue – It’s a Business Imperative for CPAs,” in the winter 2025 issue of NewsAccount.

Anchor Network Solutions, Inc., offers comprehensive IT services and solutions, providing expert assistance in technology and networking for businesses of all sizes. COCPA members and their clients save 25% on onboarding fees and 10% on monthly service fees for managed IT and cybersecurity services. Learn more on the COCPA Member Savings Program page.

COCPA members can earn free CPE credit for NewsAccount readership. Take advantage of the opportunity to earn free CPE while staying on top of the latest news from the profession. Click here to learn more and register.

Looking for an opportunity to connect with your COCPA colleagues to discuss technology, its impact on the accounting profession, and future trends? Learn more about the COCPA Technology Users Group.