Over twenty-five years ago I met with a new client who told me why he fired his last accounting firm. He received a phone call from a good samaritan that the person had found
my client’s tax records in a phone booth. Apparantly, his CPA (from one of the largest CPA firms) had left my client’s tax records when he stopped to make a call in a phone booth.
There are so many opportunties in every business week, to compromise security. The article, 3 big security blunders You don’t know you’re making by Angela Stringfellow set up some blunders, guidelines and solutions:
- Not implementing a mobile security policy. Protable devices are a security nightmare. In our CPA firm, nobody is to keep client’s records on a USB drive. We require that if a CPA (or bookkeeper) transfers information from a client’s computer to a laptop computer to be worked on later, we require their USB drive be erased and access to the laptop have a password. In addition, if the CPA (or bookkeeper) are accounting records, the access to those records be secured by a password. The mobile device referred to in the article are devices like cell phones and ipads that can log into a company’s server. For those kind of security breaches, the author recommends NQ Mobile to secure all mobile devices across the board.
- Using cloud-based applications without security precautions. More and more CPA and accounting applications are developed on a cloud. You wonder how secure they are, and how secure your connection is. The author recommends that you understand that a cloud has 24/7 security with an adequate staff. As CPA’s we are the hub of clients’ information, so our security should be deliberate.
- Failing to test third-party applications. This flaw is more technical than most CPAs can understand, but what the author states is that eventhough third-party applications test for security, a company’s internal security system can be compromising them. “The most common—and most dangerous—security flaws introduced by third-party apps include SQL injection and Cross-Site Scripting (XSS),” according to the author. The bottom line is to hire a company to assess your security protocols, and how that interact with third-party software.
Your company’s data is your lifeblood. But your concern must go beyond the company’s computers and to those who share your data like your attorney and CPA. The analysis should also work its way to your company procedures and empolyees. As a CPA firm, we have different measures to secure client’s check stock, tax returns, financial statements, personal information, etc.