Cybersecurity for CPAs
Accounting professionals know that data security is a more urgent concern than ever. CPAs possess clients’ most sensitive personal and financial details, so it’s no surprise they’ve become prime hacking targets. Dustin Hall, a cybersecurity expert and director of CPACharge, recommends the following security tips to CPAs.
Q. Cybersecurity is an extremely broad topic. What do you recommend people tackle as a first step?
A. There are definitely some easy, small changes that firms can make that have a huge impact on overall security. Probably the biggest of these is tightening up passwords.
Q. Does this mean you should not use the same password across multiple machines or tools?
A. Definitely — but there’s more to creating secure passwords. We usually recommend that all users in a CPA firm start using a password manager. Password managers provide a secure way for you to generate and store passwords for your various devices and applications. A password manager generates a different, strong password any time you need one, and you only need to remember a single, master passphrase to gain entry to your password manager. Basic password managers will secure and store passwords for a single device, while more advanced software tools will allow a single user to manage passwords across multiple devices. It’s worth noting, however, that your password manager will only be as secure as the password you create for it. To ensure security, you’ll want to create a sophisticated passphrase for your password manager.
Q. What makes a passphrase different from a password?
A. A passphrase is a much more complicated and difficult to hack password. To create a strong passphrase, you’ll want to use both upper- and lowercase letters; mix punctuation and numbers into your passphrase; use a minimum of 12 characters; not use anything that’s a word, slang phrase, or acronym in any language; not include any personal information, such as birthdays, Social Security numbers, or family names; and let your password manager generate a unique password for you every time a new website, application, or device asks you to create a password. Store this password in the manager with the name of the site or device the password is for, as well as your username.
Q. What else do you suggest?
A. In addition to using a password manager, you can also enable multifactor authentication (MFA), also known as two-factor authentication. MFA requires you to supplement a username and password with a code that’s generated in real time and is sent to you via a separate device, usually a mobile phone. Without both your password and your unique authentication code, an attacker won’t be able to access your accounts.
For more information about CPACharge, an AICPA member benefits partner, visit cpacharge.com.
Dustin Hall is director of CPACharge — an Austin, Texas-based company that specializes in payment processing solutions for financial professionals. His primary areas of expertise are in digital marketing, sales, and project management technologies, including integrations and security best practices.
CPACharge is an easy-to-use practice management tool trusted by more than 60,000 successful professionals and 25+ state CPA societies, developed exclusively for CPAs to help manage payments and grow revenue in their practice.