CPA firms go through a lot of work to try to keep your data safe. Obviously no system is perfect, but data security is a constant focus in our industry: from the IRS, from our professional liability carriers, and in our continuing professional education. As an industry we are doing better and working hard to continue that improvement.
However, one of the things that I have noticed over the years is how often my clients need to be reminded of how careful they should be with their own information. Most of my clients aren’t hit with the myriad of reminders that I am and forget that they hold vendors’ tax IDs and account numbers, employees’ Social Security numbers, and customers’ credit card information in addition to their own business records.
So here are a few tips to get you started and a link to some more security resources put out by the National Institute of Standards & Technology.
- Have a plan: Know what data you need to keep safe and who is responsible for it, and deliberately create practices (and/or policies) to keep the plan healthy.
- Educate employees and business owners: Oftentimes a data security failure is the result of human error: downloading software with malware, stagnant passwords, computers left unlocked, information put in shared folders with the wrong permissions, etc. Simple reminders and a little bit of education can go a long way to help close those holes.
- Keep software updated: Updated security software is critical, but holes in old or outdated software can be a potential vulnerability. Think about your website, e-commerce platforms, financial management software, etc.
- Back up your data: This one has hit more than one of my clients. Make sure you have multiple backups with at least one kept in a separate location. Not only can hardware or software failure create a problem, but if some ransomware is demanding $10,000 to get back your accounting records or your main computer goes missing, how nice would it be to just restore your data from your latest backup?
- WiFi: Sounds simple enough, but password-protect your router and networks, and don’t share the internal WiFi password that allows network access with external users.
- Use a VPN: If you are accessing company data through a public network or from an outside location, use a VPN to keep your traffic and activity encrypted.
- Don’t forget your paper files: A lot of data still sits in many of my clients’ offices on paper. Lock up the important stuff!
- Think about security systems: Think about installing security systems or cameras. Cameras and security systems that you can install and manage yourself are getting better and more affordable.
- Don’t e-mail unencrypted sensitive data: Use a different, secure method for getting sensitive data to the people who need it!
- Change your passwords periodically: Just endure the frustration and do it.