Skip to content
AICPA-CIMA
  • AICPA & CIMA:
  • Home
  • Engage 365 Communities
  • CPE & Learning
  • My Account
Journal of Accountancy
  • TECH & AI
    • All articles
    • Artificial Intelligence (AI)
    • Microsoft Excel
    • Information Security & Privacy

    Latest Stories

    • Drafting an AI policy that actually works
    • What AI agents mean for CPA firms
    • A guide to fighting AI-fueled AP/AR fraud

  • TAX
    • All articles
    • Corporations
    • Employee benefits
    • Individuals
    • IRS procedure

    Latest Stories

    • IRS designates certain CRAT arrangements as listed transactions
    • Eligible taxpayers to get automatic IRS penalty relief
    • IRS adds online option, details for Kwong-related refund claims
  • PRACTICE MANAGEMENT
    • All articles
    • Diversity, equity & inclusion
    • Human capital
    • Firm operations
    • Practice growth & client service

    Latest Stories

    • A CPA playbook to help prevent disaster fraud
    • IRS designates certain CRAT arrangements as listed transactions
    • Eligible taxpayers to get automatic IRS penalty relief
  • FINANCIAL REPORTING
    • All articles
    • FASB reporting
    • IFRS
    • Private company reporting
    • SEC compliance and reporting

    Latest Stories

    • SEC shares 3 goals in proposed 2026–2030 strategic plan
    • SEC proposes rescission of climate disclosure rules
    • SEC proposes semiannual reporting option for public companies
  • AUDIT
    • All articles
    • Attestation
    • Audit
    • Compilation and review
    • Peer review
    • Quality Management

    Latest Stories

    • PCAOB consultation process offers new options for firms seeking guidance
    • Standardization of sustainability reporting improves, but obstacles remain
    • How to monitor a firm’s system of quality management
  • MANAGEMENT ACCOUNTING
    • All articles
    • Business planning
    • Human resources
    • Risk management
    • Strategy

    Latest Stories

    • How to handle increased enforcement of unclaimed property notices
    • Standardization of sustainability reporting improves, but obstacles remain
    •  What it takes for a CFO to lead operations and tech
  • Home
  • News
  • Magazine
  • Podcast
  • Topics
Advertisement
  1. newsletter
  2. Cpa Insider
CPA INSIDER

6 steps to shore up your technology defenses

A spring cleanup can help prevent summertime cybersecurity blues.

by Joel Lanz, CPA/CITP/CFF, CGMA
May 31, 2016

Please note: This item is from our archives and was published in 2016. It is provided for historical reference. The content may be out of date and links may no longer function.

Related

May 15, 2016

Be vigilant about cybersecurity, warns former FBI agent

May 1, 2016

IP PINs: Fraud protection places duties on preparers

April 1, 2016

5 steps CPAs can take to fight hackers

TOPICS

  • Technology
    • Information Security & Privacy
  • Firm Practice Management

Surviving busy season, whether in public practice or corporate accounting, requires task prioritization. With the pressure to get things done, operational controls are sometimes relaxed to facilitate performance or service delivery. When it comes to cybersecurity and the protection of information, businesses of all types face the continuous challenges of balancing security with the need to make technology services available. Now that busy season is over and you’ve had a few weeks to recover, it’s time to do some late spring cleaning by updating critical controls and closing backdoors that can increase your or your company’s exposure to potential cybersecurity attack damages.

Clean out the user access list

Periodically reviewing the user access list is a familiar risk-mitigation strategy, and many organizations already have a policy to review these lists periodically for terminated employees. Cleaning the list should also include determining who is accountable for the use of each individual user ID. For example, in the rush to get things done, user IDs are sometimes assigned generically (e.g., “Training1” rather than a specific user name). This can result in the sharing of user IDs and the reduction of accountability over use of those IDs. The list should also be reviewed to ensure the user access list continues to enforce intended organizational segregation of duties.

Remove unneeded system administrators

System administrators are the power users of your systems. Sometimes, to install software or remotely support your technology operations, vendors may be given these privileges on an emergency or short-term basis to help resolve production issues. Frequently, vendor personnel may share client user IDs and passwords among their staff. Other “emergency system administrators” can include special use “software installation IDs,” supposedly one-time-use IDs just for installing software. Over time, these privileged user IDs are forgotten, yet their ability to manage the entire network and system remain. All system administrators should be accounted for, reconciled to approved use, have their activity monitored, and have their privileges promptly removed when their necessity expires.

Update software with critical security patches

Patches are typically fixes that a vendor provides to update or repair its software. Frequently, these updates or repairs are used to fix security risks that can be exploited. Yet, the risk to apply the patch needs to be weighed against the risk that, if the patch were applied, it could negatively impact the availability of systems. This is why many businesses choose to delay the implementation of these patches to a less busy time. Sometimes, patches are delayed because another vendor’s software may not operate properly if the patch is applied. Yet, these patches should not be delayed longer than necessary as recent reports have suggested that many cybersecurity attacks succeed because the attackers have taken advantage of patches issued more than a year earlier. Outstanding patches should be inventoried, and target dates for remediation assigned and monitored.

Advertisement

Remove old or unused software and hardware

It’s one thing to monitor for, manage, and assume security risks for software or hardware that a business needs. However, many organizations have software on their system or hardware attached to their network that is no longer used or needed. These could be remnants of trial software, software whose licenses have expired, or hardware kept “just in case.” These create tremendous cybersecurity risks as their existence on the system is frequently forgotten and their use is not monitored. Patches may not be applied, often creating attractive cyberattack targets. These resources should be reviewed against current invoices to ensure that your organization is not paying for maintenance or warranties that are no longer required. And while you are at it, make sure your inventories of what is on the network and what should be there match.

Test backups and update recovery plans

Many organizations already appreciate the need for backups, yet they frequently do not test these backups to ensure they work properly. Changes in applications, operating systems, and network architecture could render the previous modes and formats of backups useless. Plans need to incorporate changes in people, processes, and an ever-changing technology landscape. Additionally, new products and changes in service delivery can also dramatically impact recovery strategies. Current and effective backup and recovery strategies continue to be cited as a critical control to mitigate the risks from increasing cyberattacks. Backups and plans should be tested at least annually and more frequently as their risk impact dictates.

Update breach response and insurance coverage

Breaches continue to increase and are becoming more of a business threat. Many industry breach incident analysis reports are issued in the first quarter of the calendar year, incorporating new breaches and preventive strategies from the previous year. Organizations should update their breach response plans to incorporate the latest practices and defenses. Additionally, as insurance coverage evolves to reflect a more competitive marketplace, evaluation of the price competitiveness and coverage of existing policies should be performed. Policies should be reviewed and company compliance with any underwriting assumptions or clauses confirmed.

By investing the time and performing a spring cleanup on your technology assets, you and your organization will help reduce the probability of spending your summer recovering from a cybersecurity incident.

Advertisement

Joel Lanz, CPA/CITP/CFF, CGMA, CISA, CISM, CISSP, CFE, is the founder and principal of Joel Lanz, CPA PC, a niche CPA practice focusing on information assurance, technology risk management, and security. He also chairs the AICPA Information Management and Technology Assurance Executive Committee and is an adjunct professor in the business school at The State University of New York at Old Westbury in Old Westbury, N.Y.

Advertisement

latest news

July 9, 2026

IRS designates certain CRAT arrangements as listed transactions

July 8, 2026

Eligible taxpayers to get automatic IRS penalty relief

July 7, 2026

Scam stoppers: 5 ways CPAs can help older clients fight financial fraud

July 6, 2026

IRS adds online option, details for Kwong-related refund claims

July 6, 2026

PCAOB consultation process offers new options for firms seeking guidance

Advertisement

Most Read

Eligible taxpayers to get automatic IRS penalty relief
IRS adds online option, details for Kwong-related refund claims
Self-directed IRAs: A tax compliance black hole
IRS seeks examples of incorrect CP53E notices
How to build reusable Skills in Anthropic's Claude AI
Advertisement

Podcast

July 9, 2026

From estate planning to AI: Managing CPA liability

July 2, 2026

The AICPA’s CEO on trust, AI, and the profession’s future

June 25, 2026

Midyear advocacy update: STEM, BOI, taxes and licensure

Features

Start in high school to strengthen the accounting profession

Start in high school to strengthen the accounting profession

Accountancy in America: Meeting the moment for 250 years

Accountancy in America: Meeting the moment for 250 years

A guide to fighting AI-fueled AP/AR fraud

A guide to fighting AI-fueled AP/AR fraud

How to handle increased enforcement of unclaimed property notices

How to handle increased enforcement of unclaimed property notices

How to tame funding volatility in not-for-profits

How to tame funding volatility in not-for-profits

What AI agents mean for CPA firms

What AI agents mean for CPA firms

FROM THIS MONTH'S ISSUE

Drafting an AI policy that actually works

As AI use accelerates, many firms are discovering their policies haven’t kept pace. This article breaks down what CPAs and finance leaders should consider when drafting an AI policy that’s practical, flexible, and fit for real world use.

From The Tax Adviser

June 30, 2026

Condo casualty losses: Deductions for common-interest property

May 31, 2026

Trust distributions: Timing, tax, and practical considerations

May 31, 2026

Current developments in taxation of individuals: Part 3

April 30, 2026

Current developments in taxation of individuals: Part 2

MAGAZINE

July 2026

July 2026

June 2026

June 2026

May 2026

May 2026

April 2026

April 2026

March 2026

March 2026

February 2026

February 2026

January 2026

January 2026

December 2025

December 2025

November 2025

November 2025

October 2025

October 2025

September 2025

September 2025

August 2025

August 2025

view all

View All

PUSH NOTIFICATIONS

Learn about important news

This quick guide walks you through the process of enabling and troubleshooting push notifications from the JofA on your computer or phone.

CPA LETTER DAILY EMAIL

Subscribe to the daily CPA Letter

Stay on top of the biggest news affecting the profession every business day. Follow this link to your marketing preferences on aicpa-cima.com to subscribe. If you don't already have an aicpa-cima.com account, create one for free and then navigate to your marketing preferences.

Connect

  • JofA on X
  • JofA on Facebook

HOME

  • News
  • Monthly issues
  • Podcast
  • A&A Focus
  • PFP Digest
  • Academic Update
  • Topics
  • RSS feed
  • Site map

ABOUT

  • Contact us
  • Advertise
  • Submit an article
  • Editorial calendar
  • Privacy policy
  • Terms & conditions

SUBSCRIBE

  • Academic Update
  • CPE Express

AICPA & CIMA SITES

  • AICPA-CIMA.com
  • Global Engagement Center
  • Financial Management (FM)
  • The Tax Adviser
  • AICPA Insights
  • Global Career Hub
AICPA & CIMA

© 2026 Association of International Certified Professional Accountants. All rights reserved.

Reliable. Resourceful. Respected.