Mid-market accounting firms must bulk up security
September 19, 2014

Leaders at mid-market Canadian accounting firms have to be especially careful when it comes to protecting their assets. These aren't startups, and most don't have a lot of revenue in the beginning years and therefore don't have that lucrative of a payout for hackers. On the other hand, they aren't massive firms, which often have the best and most stringent network tools to protect infrastructure from criminals.

Mid-market firms fall somewhere in between and are often caught in a sticky situation - they're attractive to hackers because they've started to turn a profit and store a lot of sensitive client data, and they usually don't have impenetrable firewalls. 

So what should these mid-sized accounting firms do to make sure they stay safe from those who would want to do them harm? After all, they don't have the privilege of turning their heads, thanks to the evolution from their early days as a startup, and hackers' tactics are forever getting harder to stop.

Secure email
There are plenty of things managers can do to make sure employees aren't giving away sensitive information via their inboxes. For instance, making multi-level authentication to sign into inboxes should be mandatory, as should classes or seminars on how to recognize phishing attacks and other harmful tactics.

Moreover, encrypting communications and attachments should be something required by firms. For mid-market companies with many clients, email might be a primary form of staying in contact with clientele - these messages have to remain secure at all times.

Make it a priority
Accountants at mid-market firms may be first and foremost concerned with providing clients with a worthwhile service, and are always willing to go above and beyond when filing taxes, doing audits, providing consultations and so on. However, as shown by a mid-2013 survey released by the AICPA and CPA Canada, "securing the IT environment" is a big priority across the board. However, that was overshadowed by "managing and retaining data" last year, so firms need to make sure that as hackers get smarter and more stealthy, data protection doesn't fall by the wayside.

Don't forget about the physical
While many firms are taking their services primarily online, thanks to advances constantly being made in accounting software and digital platforms, administrators can't afford to forget to shore up their physical protections. Mid-market businesses tend to have relatively large offices, many times with computers and file cabinets therein. It might be time to install closed-loop cameras and/or hire a night security team to make sure criminals don't get away with physical assets. 

Nexus: G-WEBCD4