
IT Security Framework for Accounting Firms…

The AICPA released two sets of criteria for public comment this week (Sept 2016) regarding cyber security. Both focus on different elements, but the common theme is the AICPA trying to develop a common framework for audit firms to evaluate the cyber security of their clients (risks and compliance).

While this will prove to be very helpful, it got us thinking at Fluid: Do CPA firms themselves have a framework for their own security? Are CPA firms adequately protected from data breaches of their clients’ financial information? Are accounting firms prepared to react to and recover from a malicious threat that may cause data loss or temporarily impact the productivity of the team?

Data security is a pressing issue for CPA firms given the rising level of attacks and the sensitive financial data accountants work with. A few data points –

  • Over ½ a billion personal records were stolen in 2015
  • Phishing campaigns targeting employees rose 55% in 2015
  • Ransomware increased by 35% in 2015 (362K reported cases)
  • 1 in 220 emails sent contain malware (431M new malware variants found)

While developing your own cyber security framework may seem daunting given the rapidly shifting threats, the task at hand can be greatly simplified if you break it down into its component parts (and work with professionals). At Fluid, we support our clients in 4 primary areas that each firm must address to have a comprehensive security plan.

1) Compliance Management:

Does your firm understand all levels of compliance required given the data your firm interacts with? This can range from data retention compliance standards to data-center configuration standards. Often great compliance management starts with proper documentation, but relies on staff training and monthly monitoring to ensure/validate compliance.

2) Perimeter Management:

Think of your IT perimeter like the physical perimeter of a secure building. Are all entries and exits secured and guarded? Firewalls, cloud services, and email are major vulnerability points that should be managed and monitored for security purposes. BYOD and the proliferation of mobile devices have extended this perimeter, but these additional problems have solutions if they are approached systematically.

3) Vulnerability Monitoring and Threat Response:

You may know your weaknesses today, but that will change tomorrow; you need to monitor for attacks and have an active response if any attacks are detected. Much of this can be automated, but some expert oversight can make sure you don’t have any unintended gaps.

4) Cloud Backup and Disaster Recovery:

Even the best-run IT Departments may run into an occasional problem, ranging from accidental data loss to a malicious breach. We’ve found from our experience with clients that having a robust, offsite backup in a secure cloud environment can minimize the impact of most problems and greatly improve recovery times.

 

Whether you know it or not, your firm has ongoing IT activities in each of these 4 areas, which require ongoing focus and continual improvement – security is never ‘one and done’.

If you want to review your security practices, give us a call. We can help.
