The A-ha Moment that Redefined My Firm’s Security and Compliance Priorities

April 18, 2022

Dawn Brolin, CPA, CFE, The Designated Motivator for Accounting Professionals

We’re coming up on almost six months since the last Scaling New Heights conference, but I still vividly remember the moment at that event when my entire view of how to secure my own firm and handle data security requirements changed for good, and for the better. It was during a keynote given by Swizznet’s Chief Technology Officer Wes Stillman when the a-ha moment happened.

Wes talked about the need for accounting firm owners to not just put everything in the cloud, but to proactively address threats and risks such as these:

  1. Malware – Over 90% of all cyberattacks start with a phishing email. Once you download malware the attacker can steal passwords, track keystrokes, or gain access to sensitive client data in your computer systems.
  2. Viruses – A type of malware that inserts itself into legitimate programs and self-replicates into other programs on the host system. That means if you click on an email or download and it has malware, without the appropriate protection on your computer you are going to have some real challenges on your hands!
  3. Ransomware – Ransomware is malicious software that encrypts data files, preventing access to them. The data is encrypted with a cryptographic key that prevents you from having access to the data. In most cases, a hacker threatens to delete your data if you do not pay the ransom within a specific time period, thus preventing you from attempting to repair the files.
  4. Phishing – A type of cyber attack where an attacker masquerades as a legitimate organization or individual to trick victims into opening a link or attachment that contains ransomware. Think about the number of emails your staff open on a daily basis…and that you do, too. If it looks legit, it can be hard to remember that the threat is right there in front of you before it’s too late.

These are just a few of the many ways that your firm (and your clients) could be affected. This list doesn’t even include texts, unsecured emails, your staff, and all of your clients and the risks their behavior can create. This is why working with a partner to implement safeguards to defend your firm should be non-negotiable.

Bottom line: All accounting professionals need to develop and implement a comprehensive security plan for their firm.

How’s Your Firm’s Swing Through on Cybersecurity?

When Wes said this, I realized that as locked down as I thought my firm was, I was, in fact, a long way away from where I needed to be. Essentially, to put it in the context of my Team Brolin Starting Lineup tech stack softball analogy, I had no swing through in my cybersecurity strategy. I was, in fact, hitting a pop fly when it came to being proactive.

To be fair, I wasn’t oblivious to the fact that the threats to my firm and every other business on the planet are growing exponentially every single day. I had also been preaching about the benefits of working in the cloud and the need to do so from a business continuity perspective, but something was missing. I wasn’t doing enough to protect my firm from the threat sources that Wes outlined. Because in reality, as accounting and tax professionals, unless we are putting the necessary safeguards in place, we are, in fact, sitting ducks when it comes to cybercrimes targeting taxpayers and loads of other sensitive information. 

Another point that Wes raised when he spoke that really hit home for me? The need for accounting professionals to think beyond simply having cyber insurance and to actually implement the IRS data security plan that is required.

We may have cybersecurity insurance, and that’s all well and good, but if you look carefully at your policy, you’re likely to see many caveats about what you need to be doing to protect your firm and be able to actually make a claim. A key part of many policies is a data security plan. And, speaking of ethics and eliminating as many risks as possible, as an accounting professional if you have a PTIN or are a CPA it is a non-negotiable. In addition, you have to implement it. 

Tune in for “Going from A-ha to Action: My Journey to Ultimate Security and Compliance” 

Are you feeling overwhelmed at the prospect of trying to do that cybersecurity swing through to address what I have shared above? I have to admit, when I left Wes’s presentation I was feeling that way, but then I started talking to the Swizznet team and I tell you, they really hit a home run for me when they shared all of the ways they work with accounting firms to secure their entire ecosystem and keep it that way. Plus, they know all of the technology that my firm uses inside and out because they specialize in accounting firm technology. Heck, their support team members are all QuickBooks ProAdvisors! Amazing!

I am going to be sharing my journey so far in taking care of all of the potential vulnerabilities that Swizznet’s Obsessive Support® Team identified for me in a webinar on April 26. I really hope you will register and tune in because this is just too important to let slide. The future of your firm’s business continuity, brand, and of course, your clients’ security are all tied to not only how alert we are to the threats, but how well we put our cybersecurity plan into action.
