Christopher Rivera     Dec 14, 2018     1885

Data Breach - Recovery Tips for Accounting Firms

If you are an accounts or finance professional and are in possession of sensitive client data, then it is quite evident that you are at the top target of data thieves. More often than not, accountants keep coming under the scanners of hackers and evidently become a victim of cyber security attacks. Once ranked as the best cyber security consultant in the world, even Deloitte admitted in March 2017 to be one such victim, apparently indicating that you always have got to have a plan B in place if things go wrong. If a company like that can be attacked, anyone can. More importantly, each breach leaves a lingering, if not lasting, imprint on an enterprise’s brand. However, the best thing to do in this situation is to recover as fast as it could be. With proper response planning and vigilant approach the recovery could be faster and a lot of damage can be saved.  

Evaluate the severity and scope of the incident. If a laptop computer or other portable device is lost or stolen, identify the data that may have been exposed, and determine whether these materials are protected by password or encryption. Consider engaging forensic information technology experts to determine the scope of the problem. In addition, if the possibility of identity theft or other criminal activity is present, inform appropriate law enforcement agencies of the situation.

Having an incident response plan: As soon as a data breach is discovered, the response plan must get in action. Generally the best approach is to take all the working devices offline and deploying the IT team (or consultant) in action. The most important information to find out as quickly as possible is the exact nature of the breach, the extent of the damage, and who’s responsible for the breach. When creating your response plan, you may want to create responses for a few different levels of data breaches, with detailed response steps laid out for each type of breach. This plan should outline what you need to do and whom you need to contact after a data breach. It should be a step-by-step guide to what you need to do to comply with state and federal laws and inform affected customers about the incident.

Informing the potentially affected clients: A very important and critical decision to inform the client about such mishaps. Although it is understood that your firm’s credibility could be at risk but it has to be done anyways. That's because data breaches aren't just about lost data. They're about lost trust. And small accounting firms rely on that trust to maintain their client base. When you've built up a client base over years of hard work and have to inform them that their Social Security numbers and financial records are now in the hands of criminals looking to commit fraud

Deploy Software Defines Perimeter services Enterprises need to constantly assess the latest advancements in network security as well. Software-Defined Perimeter (SDP) services, for example, block communications between enterprise applications and end user devices from potential attacks through the Internet. SDP reduces security risks over the Internet by making critical applications and resources invisible to everyone until the end users and devices are authenticated and authorized. Such advancements are designed to reduce potential data breach incidents as more companies adopt new technology. Moreover, during the recovery process, one should learn from the past incidents and make sure to follow more stringent protocols to not let such havoc repeat itself again. Some of the steps that can be taken are:

  • Require two-factor authentication for access to email from the Internet.
  • Require Virtual Private Network (VPN) access for telecommuter and travelers accessing company networks. Encourage travelers to note travel device usage times, locations, and other details including connections and accounts used.
  • Limit administrative access for employees to their devices; if admin access is required for job function, enact a policy restricting use or installation of non-approved third-party apps.
  • If possible, provide employees with travel devices that can be rebuilt upon return; limit access from these devices and keep known baselines to expedite digital forensic review.

We also suggest having a few practices and policies in place to avoid such mishaps coming your way, such as keeping operating systems, antiviruses, firewalls updated; having strong password policy, usage of secure devices with tracking facility; backup data must also be encrypted, etc. A lot of troubles can be escaped through if you have trained employees and limited admin rights. The more you are informed, the better you are secured.

Entigrity™ is a trusted offshore staffing partner to over 500+ accountants, CPAs and tax firms across the US and Canada. Our flexible and transparent hiring model gives helps firms of all sizes to hire staff for accounting, bookkeeping, tax preparation or any other task for 75% less cost. As a firm 'run by accountants, for the accountants', Entigrity captures the hiring needs of accounting firms most precisely, providing staff that works directly under your control and management, still you are left with least to worry about compliance, payroll taxes, overheads or any other benefits.

About The Author

Christopher Rivera

Director, Client Relations

Christopher Rivera, Chris serves as a Director of Client Relations and Business Development at Entigrity. He is an expert at leading and managing teams actively from the front. His expertise in sales, training, coaching, mentoring and influencing combined with his competitive nature makes him a strong leader.  Chris has traveled through the length and width of the country and has spoken with more than five thousand CPAs, understanding their challenges and limitations. On the grounds of that, he can now easily provide opinions and solutions that can be immensely helpful to the professionals. He has also represented Entigrity at a number of major accounting conferences and networking events.

Recent Posts

Top 5 accounting outsourcing problems and solutions
  • 137
  • Christopher Rivera
  • Sep 26, 2023
Top 5 accounting outsourcing problems and solutions

Expert insights and practical advice for successful accounting outsourcing

Only 1% of U.S. Accounting firms can find staff
  • 330
  • Shawn Parikh
  • Sep 19, 2023
Only 1% of U.S. Accounting firms can find staff

Only 1% of U.S. Accounting firms can find staff

Outsourced Accounting: A Guide for Accounting Firms
  • 474
  • Christopher Rivera
  • Sep 12, 2023
Outsourced Accounting: A Guide for Accounting Firms

A guide for accounting firms to make the most of Accounting Outsourcing

I hope you enjoy reading this blog post.

If you want our team to help you get massive growth for your accounting firm, just book a call.

Subscribe Now