Imagine if a hacker wanted to steal your most sensitive information: bank accounts, Social Security number, addresses and government information. Assuming you already use a secure system, it's important to consider who else might have your information and whether or not their system is safe as well.
In our line of work, we regularly evaluate cyber security systems for many NYC companies. Of all the businesses we work with regularly, accounting firms handle some of our most sensitive information and often have glaring security vulnerabilities. Of course we implicitly trust our accountants; some are like family! But are they tech-savvy enough to protect your information from a motivated identity thief?
We’ve created a security checklist below which outlines areas of vulnerability that we commonly uncover. If any of these vulnerabilities are present in your home, in your business, or with other professionals you entrust your data to, they should be addressed immediately.
Regular email systems have low security requirements and are often targeted by hackers. You'll want to make sure you use an email system that supports two-factor authentication. You may also want a system that's administered in-house so that if one of the accounts gets hacked, it can quickly be shut down. We can help you set up two-factor authentication with services like Gmail or G Suite. We can even set you up with a ProtonMail account which provides end-to-end encryption and ensures no one can access your private communications - not the government, not hackers, not even ProtonMail themselves.
Do you know where hard copies of your accountant’s documents are stored? Could someone walk into their office after-hours and simply open a drawer and steal your information? Physical copies are vulnerable to theft, can be copied without leaving a traceable history, and can be lost in a flood or fire. We can help set up disaster-proof storage and transition businesses to paperless systems that are stored securely off-site.
Files containing sensitive information should be stored on a secure and encrypted server that is always backed up to the cloud as well as to an encrypted off-site backup on a portable drive. Your accountant's office manager or IT company should manage user security, keeping track of who has access to which information and maintaining unique usernames and passwords for each employee.
Does your accountant have a reliable file backup system with redundancies in place? If their office were infected with a crypto-virus tomorrow, would they be able to replace the data without paying the ransom? If one of your accountant’s storage drives fails, will they be able to seamlessly retrieve those files from another source? You and your accountant should have multiple secure forms of backup, both on- and off-site.
Keeping your software up to date can help protect you from security risks and maintain compatibility with the evolving hardware and software ecosystem. We can help ensure your operating system (Windows/Mac), antivirus, and business software are up to date so you can focus on what you do best.
How secure is your accountant’s network? Is it susceptible to brute force hacking? Can anyone who logs into their WiFi access files containing your information? Do you or your accountant have remote access set up? Was it set up securely? Every remote account should have a unique password along with proper user permissions for each shared folder on the network. The router should also have its firmware updated to the latest version.
If you are unsure about even one of these questions, please don't hesitate to contact us.