Grow Your Firm

Cybersecurity and Data Backup Tips for Accountants

Gusto Editors  
Person connecting a hard drive to their laptop

Could your firm be at risk from scammers, hackers, and data breaches? Is your data safely stored with the best security measures possible? It’s always best to prepare for compromising scenarios ahead of time.

Introduce your clients to payroll they’ll actually love.

Here at Gusto, our goal is always to equip accountants with the information they need to protect and run their firms efficiently. So we’re here to inform you of essential cybersecurity tips, data security technologies, and best practices for data backup.

With the world increasingly going remote, businesses are expanding their digital footprints. While that’s great for efficiency, it does come with some risks. We partnered with Tech Guru to present a webinar hosted by Daniel Moshe, and you can listen to it here. In the webinar, Daniel shared the best tips and tools for running a robust security program, securely storing all data, and more.

Daniel is the founder and CEO of Tech Guru and an EOS Professional Implementor. He helps leadership teams leverage practical tools that enhance all business operations and teams. Daniel’s expertise lies in technology advising and budgeting, managed IT services and cloud tech, systems administration and technology, and project management, among many other areas. Daniel is also a well-known speaker, podcaster, host, and teacher known as “the Caring Entrepreneur.” 

How people play into data security

If you’re a small CPA firm or a solo CPA, you may think you’re too small to encounter hacker threats. But believe it or not, you’re a target. Cyber attacks, hacking, and identity theft occur more regularly than you might think, and firms are usually most at risk at the busiest time of year.

It’s unfortunate, but scam artists strike when you’re seemingly too busy to keep on top of your security measures. That’s why prevention, preparation, and education are critical components of a robust security program. As much as possible, teach your team about the essential elements of internet security right away. You’ll want to cover topics such as phishing, malicious hyperlinks, scam messages, and downloads in your training.

You’ll also want to set up anti-virus and data security protection through a reputable company such as Webroot, Mcafee, and Norton. All are great options. Just make sure that whichever program you choose is easy to use, intuitive, and comprehensive. Make sure you and your team can easily navigate it. 

Look for attributes such as 

  • Phishing Blocks
  • Identity Protection
  • Ransomware Protection 
  • Malware Detection & Removal
  • Firewall
  • Identity Protection
  • Backup
  • Email Protection
  • Social Media Protection

Since this is for business purposes, it’s essential to choose a service that can perform scans quickly, even while other programs are running.

Your next line of defense needs to be your team:

“I hate to say it, but as humans, we are the weakest link when it comes to these latest online and email threats. … It can be very difficult to differentiate something that is legitimate from something that’s not, so the best way to empower yourself is through education.”

– Daniel Moshe

For example, email security breaches are a risk. Daniel gave the example of a hacker taking over the identity of someone on your team and contacting one of your clients, and while impersonating you, asking the client to wire money. Even if the email looked suspicious and the client made the mistake, it would not be a good-look for your firm. Daniel advises talking to your clients about this ahead of time. Talk to them about how to protect themselves, particularly in how they send information to you. Let them know that you’ll never ask for social security or TIN numbers, dates of birth, credit card information, or banking information via email.

Man standing at a desk with a laptop  backing up his data via the cloud.

According to Daniel, it’s critical that sensitive information is not relayed in an email. Go over this with clients and walk them through specific processes you want to have in place for all communications. Do you want them to call you with sensitive information if it’s required? Is there any software and specific online signature that you’ll use?

Multi-factor authentication

Traditional passwords aren’t enough anymore. They’re being phased out as scammers use increasingly sophisticated hacking tools. Daniel shared that hackers are regularly using Artificial Intelligence bots to scan email accounts for their passwords. Believe it or not, your email may have already been scanned! So two-factor authentication is a must. Make sure you set it up for all devices, starting with your email. Remember that if your email gets into the wrong hands, so will all of your messages and contact information. 

Multi-factor authentication works by requesting multiple ways of logging in. This could be through providing personalized information or, more commonly, by sending a code to your backup email or mobile phone. There is also biometric authentication (such as fingerprint or retina scan) or location-based authentication. The majority of systems will require you to log into your mobile phone, so keep that in mind.

Daniel explained that it’s always best to enable multi-factor authentication on tech that has updates, as it can cause older systems to crash. Also, remember that when you get a code by text or email for the authentication, you should never give that code away.

You can also set up an additional email account as a backup. Along the same lines, consider an additional account for at least one of your other processes, such as payroll or business applications. While there is an investment of time and energy to do this, it’s generally worth it. Since your other security measures will be nearly automatic, you shouldn’t have to spend too much time keeping on top of things.

Data backup and security technology

It’s best to get all your tech in order before the busy season approaches, as the state of your tech will affect both security and safety. You may also want to upgrade your computer with a bit more memory or RAM, which can be expensive but will enable your computer to run faster even with multiple programs open. The last thing you want during the busy season is to have to tell a client, “my computer crashed.”

Daniel also advised running updates for your operating system, apps, and security systems. Security systems can fail, and your devices can perform less optimally when updates aren’t performed regularly. To maximize performance, you can also clean up your computer by removing unnecessary apps—just make sure you’re not using them anymore. 

“You’re better off keeping your computer updated because I’ve heard the story—people say, ‘Oh, during busy season, I don’t update my computer because I don’t want to run the risk.’ … I feel that the risk of not updating your computer is actually greater than doing the updates, as long as you’re aware of any potential updates that might break your software. … The good news is that the big software providers out there typically will let you know … if a new Windows update will break their software.”

– Daniel Moshe
Female sitting at desk with a laptop updating her cybersecurity software

Data storage and recovery

Everyone knows what it’s like to have their computer crash, so it goes without saying that protecting your data should be a top priority. Don’t wait until you’re slammed with work to tackle this. A cloud-based system is best, and you’ll want to make sure updates are made automatically and regularly. You may also wish to back up anything saved to your hard drive. 

Designating a person or a team to stay on top of updates to your storage system and ensure it’s being done regularly is a good idea.

“I really encourage you to have some kind of automatic backup system or, even better, using something like Office 365 or Dropbox, and things like that. They are backed up. The moment you save it, it’ll be backed up instantly. So, it’s literally kind of foolproof there.”

– Daniel Moshe

How about your mobile devices? They’re actually one of the things people forget about the most, but Daniel stressed the importance of keeping your mobile devices secure. Since you may have to do this manually (which is less foolproof), make sure you have a regular strategy in which you can check that all is going as planned. This might even include mandating employees use password protection for mobile lock screens. After all, company emails are likely accessed via those devices.

Introduce your clients to payroll they’ll actually love.

Learn more cybersecurity and data backup tips

Small firms and solo CPAs may believe they’re less vulnerable to security threats, but the reality is that everyone needs to protect themselves. Educate everyone in your firm about cybersecurity best practices. Have protocols for sending sensitive information, and communicate those protocols to your clients. It’s wise to prep your tech ahead of the busy season to prepare for increased security risk and to protect your data automatically. Enable multi-factor authentication, get your security software running optimally, remove unused apps, and run all updates to your computer.

Additionally, remember that it’s best practice to set up automatic cloud-based storage for everything you need to save. And, don’t forget about your mobile devices. 

Here at Gusto, we’re proud to bring you what you need to protect your firm. Be sure to check out our upcoming article, “Tools, Systems, and Platforms to Modernize Your Accounting Firm.”

We invite you to join our Gusto Partner Program and take advantage of our simple, streamlined people platform. Put more focus on growing your business by letting Gusto handle processes such as payroll, HR, and onboarding. As a Gusto partner, you’ll also get tools to help you expand your accounting practice and offer your clients new insights. In addition, you’ll get a free payroll subscription for your own accounting firm. Sign up today! 

Updated: September 7, 2021

Gusto Editors
Gusto Editors
Back to top