23 Accounting Security Tips to Keep Your Firm Secure

In today’s post, I’m going to show you the very best accounting security tips (23 of them to be precise!) to keep your accounting firm safe and secure.

Key Takeaways

  • Why accounting security matters for the safety of your business.
  • The different cybersecurity threats your CPA firm may encounter.
  • Helpful security tips to protect and secure your accounting firm’s data from cybersecurity threats.

Let’s dive right in.


Why is Accounting Security Important?


It might seem obvious but there are a few reasons why you’ll want to ensure the proper cybersecurity at your firm:

a) Protect your clients’ data security

Your clients put their trust in you as a professional, and the last thing we want is for your clients’ sensitive accounting data to be leaked and accessed by a hacker who then uses their financial information for nefarious purposes. Prioritizing accounting cyber security is essential to protect both your reputation and your clients’ confidential information.

b) Safeguard your firm’s data security

Again, this is obvious, but we want to make sure that your sensitive and confidential information is not only backed up to protect against loss but also protected from hackers and a data breach. Safeguarding your data is crucial to prevent a financial data breach that could have serious consequences for your firm and your clients.

c) Protect your business or company’s assets

There are many different kinds of cybersecurity threats, but certain threats, such as phishing scams, can result in you having bank and credit card accounts hacked, with funds lost. Given this, now more than ever, accounting cybersecurity is a must to minimize or eliminate these evolving threats.

Just take a look at the average cost of a cybersecurity hack on a business:

[Image: cost of cyber attack]

d) Protect your reputation

Since we’re an industry built on trust, you’ll want to make sure that your reputation remains intact. Security issues seriously threaten that trust and therefore the reputation of your accounting services.

Types of Cybersecurity Threats


There are many different kinds of cybersecurity threats, but let’s look at the most prevalent ones for accounting firms:

a) Phishing

This threat occurs when you receive an email from someone pretending to be a legitimate source, asking you to click a link and take some kind of action. Clicking the link or entering data on the webpage it leads to can compromise your secure data, which can lead to data breaches and give the hacker access.

Here’s a phishing example from someone pretending to be the IRS:

[Image: accounting security phishing]

b) Malware

Malware is the most common type of cyberattack. Here, malicious software installed on your computer can take control of it, damage your system and gather confidential data. The successful execution of such attacks can compromise your key accounting functions.

c) Ransomware

Ransomware is a type of malware attack where the attackers lock part of your system or data and threaten to delete it or keep blocking it unless a ransom is paid.

This type of threat is no joke. Many companies are losing big money here:

[Image: accounting security ransomware]

d) User error

Cyber threats are not just about hackers and security breaches.

Often ignored, but still one I would consider a threat is user error.

When I started my firm, I mistakenly deleted a bunch of client data. Oops…

Luckily, I was able to retrieve all this data, but it took me a ton of time to identify and get it all back!

e) Other threats

There are many more threats to be aware of, which you might want to read up on: zero-day exploits, SQL injections, denial-of-service attacks, man-in-the-middle attacks, and more.

23 Security Measures for Your Firm


Below you’ll find the best tips to keep your accounting business protected and secure from cybersecurity threats.

Tip 1: Get a Password Manager

This is probably one of the easiest security tips to put into practice.

At a minimum, a password manager will allow you to securely store (and share) your passwords and usernames with your team. Whether you have 1 employee or more, this will be very useful.

I tend to use LastPass:

[Image: LastPass for accounting firms]

It’s cheap and has some neat features, like letting you enforce password-strength policies and whitelist your and your team’s IP addresses so that certain passwords can’t be accessed from outside those IP addresses. There are other options as well, namely Practice Protect, which is popular with my Future Firm ® Accelerate members.

Practice Protect includes features like geo-locking (so those outside your geographic area can’t access the passwords), time locking (so they can’t be accessed at unusual times), and IP locking as well.

Tip 2: Enforce Complex Passwords

Each password should be at least 12 characters (the longer the better) and should have a mix of letters, numbers, cases, and symbols. A password manager can help you easily generate a complex password.

Tip 3: Use a VPN in Public Wi-Fi Areas

Public Wi-Fi networks (e.g., coffee shops, airports) are some of the least secure networks around for businesses, leaving you susceptible to some of these cybersecurity threats and letting attackers gain access to your confidential information like passwords, social security numbers, bank accounts, etc. Signing up for a Virtual Private Network (VPN) solves this problem. In fact, it’s common practice for accounting professionals to use a VPN service.

As an example, whenever I travel or head to a conference, I never use the public Wi-Fi and always connect to my TunnelBear VPN app:

[Image: VPN for accounting firm]

Tip 4: Backup Your Files

Accounting firms create and save a ton of valuable personal and sensitive information for their business and for their clients. Think of all those spreadsheets that have taken you hours to put together 🙂

Security risks will always be there, so it’s crucial to take proactive measures to safeguard your data.

Make sure that this stuff is automatically backed up daily and kept up to date. I use an app called Spanning to back up my Google accounts daily, and I can retrieve and restore anything I want from any point in the past. It has saved my life on a few occasions.

Tip 5: Backup Your Cloud Accounting Data

Most firms these days are using cloud accounting apps like Xero & QuickBooks Online.

Make sure that you are also backing up this data at least monthly since, while unlikely, these systems can go down at any moment. I prefer to keep hard copies of this stuff.

Some apps like Rewind let you automatically back up these financial accounts and your critical reports to protect you from possible accounting automation risk.

And if you use apps like Dext for clients to send their receipts into, there are integrations with your Dropbox and Google Drive accounts to automatically save these docs there as well:

[Image: Receipt Bank storage integration]

Tip 6: Implement Multi-Factor Authentication (MFA) on Everything

MFA, or two-factor authentication, makes it more difficult for attackers to get into your accounts even if they gain access to your passwords. When you log in, you’ll typically need to provide a 6-digit code that comes from an app, like Google Authenticator, where that code is only valid from the device in your possession.

Make sure you and your team enable two-factor authentication for all apps that you’re using. Most of the popular accounting apps allow this functionality as well:

[Image: Hubdoc 2FA]

This tip alone can save you from accounting cybersecurity attacks and prevent potential data breaches that could otherwise have devastating consequences for your business and clients.

Tip 7: Purchase Dedicated Work Computers for Home

You’ll want to segregate work usage on a computer from personal usage. Personal usage often leads to surfing around on less secure websites, which can increase the chances of cybersecurity threats occurring and make it easier for hackers to identify you.

This clear separation can significantly reduce the risk of a security breach compromising your work-related data.

Tip 8: Install Malware Scanners on All Computers

Don’t underestimate internal threats when it comes to malware risks.

We already saw that malware poses a lot of risk to your firm or your business. A malware scanner, like Malwarebytes, can help intercept these threats before they take hold in your system.

Tip 9: Install Anti-Virus Software on All Computers

Same as tip 8, you’ll want anti-virus software on all your small business machines. Kaspersky and Norton Antivirus are popular options.

Tip 10: Implement an Employee Offboarding Process

Any employee who is no longer at the company should promptly have their devices and access revoked. Set up a checklist to ensure that every terminated employee is removed from all apps and the system.

That’s another great feature that Practice Protect provides: it allows you to revoke a team member’s app access at the click of a button.

Tip 11: Provide Team Training on Security

Your team should have the appropriate training on typical security threats that can occur in your firm. Users should be trained upon onboarding with a refresher every quarter or so if they come in contact with a hack.

And your training doesn’t have to be the most sophisticated thing ever either. You can simply collect a few articles from the internet and record a few videos on the topic, add them to your knowledge base, and share them with your team.

Tip 12: Shred All Paper

I’m hoping you’re still not using paper in your business, but if you are, make sure that you shred all documents before you toss them.

Tip 13: Limit App Permissions

Not everyone on your team should have access to everything in your firm, as this would just increase the risk of a data breach or security issue. Most apps, services, and systems today allow you to set the correct permissions, just like in my Xero account:

[Image: Xero permissions]

Tip 14: Develop Security Practices & Policies

Your business should have policies and systems that outline your team’s responsibilities when it comes to data security and cybersecurity matters. Your security is only as strong as the weakest link, so ensuring that the team is not only trained but briefed on how they should be acting in relation to security becomes a critical matter.

Tip 15: Consider Regular Team Security Testing

Tips 11 & 14 discuss training your team or employees on security and having the right policies in place. Some firms I know, like one of my Future Firm ® Accelerate members (shown below), apply regular security tests to ensure this training and policies are being followed:

[Image: accounting security for firms]

And if you search online, there are a variety of phishing simulations available, some even for free.

Tip 16: Enable Secure File Sharing with Clients

Let’s face it, accounting firms share a ton of sensitive or personal information that could be compromised if it gets into the wrong hands. An app like Sync can help you share these files more securely by guarding the documents against unauthorized access with passwords, expiration dates, and more.

Tip 17: Reset Sensitive Passwords Regularly

If you have some apps that contain extremely sensitive data, credentials, and business information, consider having a repeating task that makes you and your team reset your passwords regularly (ex: every quarter).

Tip 18: Consider a Separate Router at Home

Previously I had mentioned that your Wi-Fi network can compromise your secure data if the network isn’t secure. Well, if you’re working from home and have little ones who might not understand cybersecurity accessing your Wi-Fi, your computer could be at risk.

That’s why a separate router at home dedicated just for small business usage (which keeps your kids off your network) might be a safe bet to maintain physical security.

Tip 19: Encrypt Your Hard Drive

If you lose your device or if it’s stolen, an encrypted hard drive can prevent others from accessing your sensitive files. You can use BitLocker on Windows or FileVault on Mac.

Tip 20: Password Protect Sensitive Docs Sent to Clients

Accountants send tax returns, financial statements, credentials, and all kinds of other sensitive accounting data and financial data by email. Password protect the files that you send.

Tip 21: Implement a Data Recovery Plan

Unfortunately, there will likely come a time when you run into data breaches or data loss in your accounting system so don’t rest easy after all the setup you have done. This is where you’ll want to have the proper security protocols and an up-to-date data recovery plan established ahead of time to quickly retrieve your financial information.

Tip 22: Check Security Measures for Apps You Use

Reputable pieces of software should list their security practices on their website. Before signing up for any new software, make sure you’re comfortable with their practices. Here’s a snippet of how QuickBooks handles security measures for accounting systems:

[Image: QuickBooks security]

Tip 23: If You Don’t Understand Security, Engage Someone Else

Lastly, consider outsourcing security to a third party who really understands this stuff. For example, Tech Guru is a firm that handles the IT and security needs of accounting firms so that you don’t have to deal with it yourself.


I hope you found this article on the 23 best tips for your firm’s accounting security helpful.

In times like these, especially since the coronavirus pandemic hit, everything is happening online.

Which tip are you going to execute first?

Let me know in the comments below!


3 thoughts on “23 Accounting Security Tips to Keep Your Firm Secure”

  1. I got so many valuable insights from this post. Thank you for putting your efforts and creating a detailed post for us. It was so informative. Protection of data is so necessary and all the measures should be taken to secure your accounting information. Installation of Malware scanners is a good measure.

  2. The blog you wrote is very detailed, thank you for putting your time into it. The article was incredibly informative. The way you have given the tip for the protection of data is so necessary in the present day. The Security Measures for Your Firm is really amazing.
