Cybersecurity for CPAs
Accounting professionals know that data security is a more urgent concern than ever. CPAs possess clients’ most sensitive personal and financial details, so it’s no surprise they’ve become prime hacking targets. Dustin Hall, a cybersecurity expert and director of CPACharge, recommends the following security tips to CPAs.
Q: Cybersecurity is an extremely broad topic. What do you recommend people tackle as a first step?
A: There are definitely some easy, small changes that firms can make that have a huge impact on overall security. Probably the biggest of these is tightening up passwords.
Q: Does this mean you should not use the same password across multiple machines or tools?
A: Definitely — but there’s more to creating secure passwords. We usually recommend that all users in a CPA firm start using a password manager, which provides a secure way to generate and store passwords for various devices and applications. A password manager generates a different, strong password any time you need one, and you only need to remember a single, master passphrase to gain entry to your password manager. Basic password managers will secure and store passwords for a single device, while more advanced software tools will allow a single user to manage passwords across multiple devices. However, your password manager will only be as secure as the password you create for it. You’ll want to create a sophisticated passphrase for your password manager.
Q: What makes a passphrase different from a password?
A: A passphrase is a much more complicated and difficult-to-hack password. A strong passphrase should use upper- and lowercase letters; mix punctuation and numbers; use a minimum of 12 characters; not use anything that’s a word, slang phrase, or acronym in any language; and not include personal information, such as birthdays, Social Security numbers, or family names. Let your password manager generate a unique password every time a new website, application, or device asks you to create a password. Store this password in the manager with the name of the site or device the password is for, as well as your username.
Q: What else do you suggest?
A: In addition to using a password manager, you can also enable multifactor authentication (MFA), also known as two-factor authentication. MFA requires you to supplement a username and password with a code that’s generated in real time and is sent to you via a separate device, usually a mobile phone. Without both your password and your unique authentication code, an attacker won’t be able to access your accounts.
For more information about CPACharge, an AICPA member discount partner, visit aicpa.org/cpacharge.
Dustin Hall is director of CPACharge, an Austin, Texas-based company that specializes in payment processing solutions for financial professionals. His primary areas of expertise are in digital marketing, sales, and project management technologies, including integrations and security best practices.
CPACharge is an online payment solution that’s trusted by more than 150,000 professionals and 35+ state CPA societies and offered by the AICPA as its exclusive member discount partner for online payments — providing a simple, secure way for firms to accept client credit, debit, and eCheck payments online.