march2021 - 5

FEATURE

4 TIPS for Firm Cyber Security in the Cloud
By Mary Girsch-Bock

AS MORE CPA firms turn to cloud-based applications, the need to keep
the firm's data secure becomes a more pressing concern. And with the
level of confidential data retained by CPA firms, is it any wonder that
they remain a particularly attractive target for computer hackers?
Just for a moment, imagine the
conversation you would have with
your clients when you had to inform
them that their personal data had
been accessed from your servers
due to a data breach.
In some states, CPA firms can
be held liable for any cybersecurity
breaches should the breach expose
personal data, but even if your
firm is not legally responsible,
the resulting fallout from a data
breach at your firm can cost
hundreds of thousands of dollars,
not to mention the mass exodus of
clients sure to follow.
In years past, viruses were the
main threats to company computers, but hackers have become
much more resourceful in recent
years. The following are just a few
of the threats that businesses face
every day.
* Malware - More than a quarter
of all data breaches involve some
form of malware. Malware can
be used to steal or manipulate
valuable data stored on your
computer. Distributed as an email
attachment, random pop-ups and
via spam, malware can take many
forms, including Adware, Spyware,
Trojan Horse, Viruses, and Worms.
* Ransomware - Ransomware is
malware that affects your computer
by encrypting your files, with the
attacker than demanding a ransom
before they will restore access
to your data. Ransomware can
take many forms, and has been
known to fool many people. While

your first inclination may be to
pay the ransomware demanded,
payment does not guarantee that
the attacker will ever restore access
to your data files.
* Phishing - Another tactic used
by attackers is phishing. Phishing
accomplishes one of two things;
it provides access to sensitive
data stored on your computer,
or it downloads malware, which
can lead to a ransomware attack.
Phishing uses very credible looking
emails in the attack, with the email
designed to trick you into clicking
on a link or downloading an attachment. The problem is once you do,
the attackers now have control
of your data. Highly profitable for
hackers, there are phishing kits
available for purchase on the dark
web. Needless to say, phishing is not
going away anytime soon.
* Eavesdropping attacks - Because
of the amount of sensitive data
routinely shared between CPA firms
and clients, firms can be particularly vulnerable to eavesdropping
attacks. An eavesdropping attack
involves the theft of data by a third
party as the data is being shared
between two other parties. For
example, if your client is sharing
tax documents with you, the third
party intercepts the data as it's
being transmitted. Eavesdropping
happens on an unsecured network,
and frequently happens when using
public wi-fi, but attacks can happen
anywhere if network security isn't
up to par.

If you're using a cloud-based
application, you may assume
that your software provider has
the necessary security measures
in place, so there's no need to be
concerned. But it's important to
remember that even if your cloud
provider guarantees protection
against malware or other data
breaches, your firm is ultimately
responsible for safeguarding your
client's data.
The following are a few of the
things that any cloud-computing
provider should have in place.
Make sure that yours has the
following.
FIREWALLS - Firewalls ser ve as a
b a r r ie r b et w e e n
your network and
t he public. At it s
most basic, a firewall
should monitor all network traffic.
There are a variety of firewalls that
should be employed by your cloud
provider including a perimeter firewall
that provides additional security as
well as an internal firewall that is
designed to keep applications and
databases separated.
DATA ENCRYPTION
- Data encryption is
a necessity, for both
stored data as well
as transmitted data.
Because encrypted
data is encoded, it prevents unauthorized users from accessing and using
the data in some form.

MARCH 2021 ■

PHYSICAL SECURITY
- Data stored on servers should always be
protected. Using Tier
IV data centers helps
keep data safe by
providing armed security that patrol
the property around the clock, along
with controlled, secure access to the
building at all times. 24/7 monitoring
using closed circuit TV should also be
part of the security offered by your
cloud provider.
M ULTIPLE SERVERS - Two is always
b et t e r t ha n one,
at l e a s t w h e n i t
comes to ser ver s
that store data. By
using multiple servers in multiple
locations, your data is safeguarded
against atypical disasters such as fires,
floods, hurricanes, and other natural
disasters. For example, if the data
center storing your data is destroyed
in Florida, it won't matter because your
data is also stored on servers located
in Colorado.
Cloud applications can make
your life so much easier. But you
also need to ensure that the provider you're entrusting with your
customer's data can keep it safe
and secure. ■
Mary Girsch-Bock is a freelance
writer specializing in business
and technology issues and is the
author of her first book, several
HR handbooks, training manuals, and other in-house publications. She can be reached at
mary.girschbock@cpapracticeadvisor.com

www.CPAPracticeAdvisor.com

5


http://www.CPAPracticeAdvisor.com

march2021

Table of Contents for the Digital Edition of march2021

From the Editor: What Do You Hear When You Listen to Your Clients?
4 Tips for Firm Cyber Security in the Cloud
Get Off the Hackers' Hit List: Evolving Competencies for Finance Firms Today
From the Trenches: Client Experience for Today – Portals or Something More?
7 Tips to Prevent Tax Season Burnout
The Leadership Advisor: Security for a Work-From-Home World
The ProAdvisor Spotlight: Discover Two Key New Features in QuickBooks Online
The Labor Law Advisor: The Covid-19 Pandemic and Worker Mental Illness
The Millennial Advisor: Stop Selling: Who Needs Help?
The Staffing & HR Advisor: Finance Employment Trends in the Covid-19 Era
Apps We Love: Games
5 Reasons to Conduct a Retreat in 2021
Stay 3 Steps Ahead: Actionable Tips to Help You Prepare for a Turbulent Tax Season
AICPA News
Bridging the Gap: 4 Keys to Successful Technology Planning
march2021 - 1
march2021 - 2
march2021 - 3
march2021 - From the Editor: What Do You Hear When You Listen to Your Clients?
march2021 - 4 Tips for Firm Cyber Security in the Cloud
march2021 - Get Off the Hackers' Hit List: Evolving Competencies for Finance Firms Today
march2021 - 7
march2021 - From the Trenches: Client Experience for Today – Portals or Something More?
march2021 - 9
march2021 - 7 Tips to Prevent Tax Season Burnout
march2021 - 11
march2021 - The Leadership Advisor: Security for a Work-From-Home World
march2021 - The ProAdvisor Spotlight: Discover Two Key New Features in QuickBooks Online
march2021 - The Labor Law Advisor: The Covid-19 Pandemic and Worker Mental Illness
march2021 - The Millennial Advisor: Stop Selling: Who Needs Help?
march2021 - The Staffing & HR Advisor: Finance Employment Trends in the Covid-19 Era
march2021 - 17
march2021 - Apps We Love: Games
march2021 - 19
march2021 - 5 Reasons to Conduct a Retreat in 2021
march2021 - Stay 3 Steps Ahead: Actionable Tips to Help You Prepare for a Turbulent Tax Season
march2021 - AICPA News
march2021 - Bridging the Gap: 4 Keys to Successful Technology Planning
march2021 - 24
https://www.nxtbook.com/endeavor/cpapracticeadvisor/december2022
https://www.nxtbook.com/endeavor/cpapracticeadvisor/octobernovember2022
https://www.nxtbook.com/endeavor/cpapracticeadvisor/august2022
https://www.nxtbook.com/endeavor/cpapracticeadvisor/june2022
https://www.nxtbook.com/endeavor/cpapracticeadvisor/april2022
https://www.nxtbook.com/endeavor/cpapracticeadvisor/december2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/november2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/october2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/september2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/august2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/july2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/june2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/may2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/april2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/march2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/february2021
https://www.nxtbook.com/endeavor/cpapracticeadvisor/december2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/CPA_Practice_Advisor_November_2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/october2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/september2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/august2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/CPA_Practice_Advisor_July_2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/CPA_Practice_Advisor_June_2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/may2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/CPA_Practice_Advisor_April_2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/CPA_Practice_Advisor_March_2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/february2020
https://www.nxtbook.com/endeavor/cpapracticeadvisor/december2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/november2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/october2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/september2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/august2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/july2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/june2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/may2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/april2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/march2019
https://www.nxtbook.com/endeavor/cpapracticeadvisor/february2019
https://www.nxtbookmedia.com