Cybersecurity checklist for CPA and law firms for 2019

November 16th, 2018

As technology continues to evolve, so do the threats that go along with it. In both law and accounting firms, cybersecurity breaches are a regular occurrence because of hackers’ particular interest in their clientele’s personal and financial data.

There’s always new malware to worry about, which is why companies should be proactive in securing their networks and data. While total security of business networks should be entrusted only to professionals, there are things that companies can do to mitigate security threats.

#1 Lay down your security policies

Having a security policy guideline should be the first step to data protection, as it outlines the reasons and steps for security and possible sanctions in case someone breaks a policy. Assessing if you’re achieving your security objectives is a lot easier when policies are clearly laid down.

#2 Conduct security training for your employees

Regular security training should be a part of your firm’s annual customer premises equipment (CPE) curriculum to protect clients’ data. Employees should also be familiar with the current threats in IT such as ransomware, phishing, SMiShing (SMS phishing), and vishing (voicemail phishing), among others.

Even with the most efficient cybersecurity systems in place, there’s no substitute for having a team that’s well versed in cyberattacks.

#3 Plan your operating system and antivirus updates

Malware takes advantage of vulnerabilities and glitches in applications and programs, which is why most software comes with automatic updates. However, installing these updates can interfere with your daily tasks.

To avoid this issue, regular security updates should be planned and installed outside of business hours. This will reduce inadvertent problems and interruptions to your staff’s productivity.

#4 Don’t use public cloud

If you use a public cloud, you’ll have little to no control over who can access your data, where your servers are located, or if your data is already being sold. Using a public cloud can be appealing at first because it is significantly cheaper than a private cloud. But you’ll pay a far more valuable price: data loss, business downtime, and loss of your clients’ trust.

#5 Use multifactor authentication

When it comes to locking down important client files, relying on passwords alone isn’t enough. Multi-factor authentication (MFA) provides an extra layer of security to make sure that you’re not putting your customer’s information or your firm’s integrity in jeopardy.

#6 Use a virtual private network (VPN) for internal communication

It’s very convenient to use an unsecured wireless hotspot when you’re on the go and in need of contacting someone at work. These networks may ask for passwords, but that doesn’t mean that they’re secure. Any hacker can intercept communications between your device and the local router.

To keep your data safe, use a VPN because it encrypts all data in transit. It allows you to safely connect to any network and is easy to implement and work with whether you use a laptop, desktop, or even a smartphone.

#7 Lock screens automatically

To minimize unauthorized access to applications and private data, workstations should be set to automatically lock their screens after 5–20 minutes of being idle. This will secure sensitive information in case a user walks away from the workstation without turning off the computer.
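
One way to check a workstation against this guidance is shown below. It is an added example, not part of the original article, and it assumes Windows workstations where the idle lock is enforced through the machine inactivity limit or the screen saver policy values in the registry. The function and variable names are this example's own.

```powershell
# Added example: audit idle-lock settings against the 5-20 minute guidance.
# Assumes Windows and that locking is enforced through policy registry values.
$MaxSecs = 20 * 60   # upper bound from the checklist item above

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-IdleTimeout {
    param($Seconds)
    # Missing or 0 means the timer never fires; above 20 minutes is too long.
    if ($null -eq $Seconds) { return $false }
    $s = [int]$Seconds
    return ($s -gt 0 -and $s -le $MaxSecs)
}

$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$userKey    = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

# "Interactive logon: Machine inactivity limit" (seconds)
$machineLimit = Get-PolicyValue $machineKey 'InactivityTimeoutSecs'
# Screen saver policy values (stored as strings)
$saverActive  = Get-PolicyValue $userKey 'ScreenSaveActive'
$saverSecure  = Get-PolicyValue $userKey 'ScreenSaverIsSecure'
$saverTimeout = Get-PolicyValue $userKey 'ScreenSaveTimeOut'

$machineOk = Test-IdleTimeout $machineLimit
# A screen saver only locks the session when it is enabled AND password protected.
$saverOk = ($saverActive -eq '1') -and ($saverSecure -eq '1') -and
           (Test-IdleTimeout $saverTimeout)

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    MachineInactivitySec = $machineLimit
    ScreenSaverSec       = $saverTimeout
    ScreenSaverLocks     = ($saverSecure -eq '1')
    Compliant            = ($machineOk -or $saverOk)
}
```

A workstation where neither policy is configured reports `Compliant = False`, because the user's personal setting may still be "never lock".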

#8 Check your insurance policies

It is crucial for firms to review their policies and understand the extent of their insurance coverage in case of a cybersecurity breach. This will prepare your firm better so you can start working on preventive protocols for lost productivity or client damages.

If you’re still unsure about your IT security needs, you can consult a reputable managed services provider (MSP) like Forum Infotech. We will assess your infrastructure’s weak points and give recommendations based on our evaluation. Here at Forum Infotech, we provide both private and public cloud solutions to fit any budget. Call us today.