COVID changed accounting workflows forever. Virtually overnight, firms were forced to adopt remote access technology at a pace never seen before.
In their haste, accounting professionals jumped on whatever technologies were available to them based on the following:
- What they understood about remote technologies at that time.
- What their technical resources were advising them to do.
Accounting firms needed to retrofit nearly every workflow—and fast. Whether entering client documents, video collaboration or adopting digital payment systems, their focus was simply to get the work done.
97% of employees want a hybrid or remote work option
The pandemic may have forced people to work remotely and accelerated the adoption of remote access tools, but the continuation of remote workflows has been entirely driven by the people.
A FlexJobs survey found that 97% of employees want some kind of hybrid (46%) or remote (51%) work option. According to Accounting Today, nearly 13% of full-time employees work from home, and another 28% work in a hybrid model.
Accounting workflows have changed forever
Going remote has fundamentally changed how accounting firms work. The continual stream of new process adoption has created an environment where technological evolution is expanding faster than ever before.
Unfortunately, security wasn’t considered in this rush to transition accounting workflows.
In the pandemic days, there was simply no time for traditional due diligence. And now, accounting firms may be too comfortable in their current state. If the process is working, why change anything about it?
Two big reasons why you should secure your remote workflows
1. Cyberhackers noticed accounting workflows aren’t secure
Cyberhackers noticed this rapid and sometimes careless workflow evolution and application adoption. According to Forbes, ransomware and phishing schemes have soared, with hackers coming after small and medium-sized businesses.
In particular, they’re targeting medical, legal, government and financial organizations for their vast amounts of personally identifiable information (PII). Compromised PII can be monetized via ransomware, extortion or by simply selling the data on the dark web.
2. Accounting professionals hold vast amounts of PII data
While there is an assumption that small accounting practices aren’t worth targeting, that’s simply not true. Criminal organizations are using automated tools to target any vulnerability at any size firm, especially smaller-sized firms that typically don’t have enterprise-level safeguards in place.
These black hat hackers are looking for vulnerabilities everywhere, checking:
- Accounting firms’ servers
- Wi-Fi routers
- Mobile devices
- Individual applications
- Operating systems
- Web browsers
- Security applications (yes—even the security apps you use to try and protect yourself)
In essence, any piece of hardware or application not being actively monitored and updated is a potential target. Every size accounting firm—from sole practitioner up to the Big Four—is a target.
Securing your data and accounting workflows has never been more critical. And today, it is mandatory…
Accounting firms are required to protect their data
“Federal Trade Commission regulations require professional tax preparers to create and enact security plans to protect client data.” IRS
IRS “Security Six” requirements
Review these two IRS resources for a comprehensive guide about IRS.gov security details and recommendations:
- IRS Publication 4557, Safeguarding Taxpayer Data PDF.
- IRS Publication 5293, Data Theft Resource Guide for Tax Professionals PDF.
The IRS “Security Six” requirements include having antivirus software, firewalls, multifactor authentication, backups, encryption and a VPN (virtual private networks).
In addition to following the IRS “Security Six,” accountants are required to:
- Attend security and phishing training.
- Have a Written Information Security Plan (WISP).
It’s also important to review and update remote work policies to ensure they incorporate any new technology, applications and processes.
Accounting firm IT personnel can’t keep up with cybersecurity requirements
Most often, cybersecurity requirements are outside the expertise of accountants. Their primary focus is keeping up with servicing their day-to-day clients, as it should be.
And even if you had some level of knowledge about securing client data, there are more than one hundred bullet points on how to protect that data in IRS Publication 4557 and 5293 alone.
Internal IT teams are often understaffed and too busy meeting the day-to-day support needs…leaving security as an afterthought. With threats evolving so rapidly, keeping up with them and figuring out how to remediate them is a full-time job.
The only way to truly stay ahead of threats is by investing in enterprise-class resources. Unfortunately, for most practices, the cost of these resources is limiting.
To help, we recommend partnering with a managed cloud provider whose focus is:
- Security requirements for accounting firms.
- Layering security best practices into production workflows and client interactions.
Most cloud providers are able to give their customers access to enterprise-class security without the hefty sticker price, but it’s important to do your own due diligence.
For more information about protecting your accounting firm, download our data security guide today.
