march2021 - 5

FEATURE

4 TIPS for Firm Cyber Security in the Cloud
By Mary Girsch-Bock

AS MORE CPA firms turn to cloud-based applications, the need to keep
the firm's data secure becomes a more pressing concern. And with the
level of confidential data retained by CPA firms, is it any wonder that
they remain a particularly attractive target for computer hackers?
Just for a moment, imagine the
conversation you would have with
your clients when you had to inform
them that their personal data had
been accessed from your servers
due to a data breach.
In some states, CPA firms can
be held liable for any cybersecurity
breaches should the breach expose
personal data, but even if your
firm is not legally responsible,
the resulting fallout from a data
breach at your firm can cost
hundreds of thousands of dollars,
not to mention the mass exodus of
clients sure to follow.
In years past, viruses were the
main threats to company computers, but hackers have become
much more resourceful in recent
years. The following are just a few
of the threats that businesses face
every day.
* Malware - More than a quarter
of all data breaches involve some
form of malware. Malware can
be used to steal or manipulate
valuable data stored on your
computer. Distributed as an email
attachment, random pop-ups and
via spam, malware can take many
forms, including Adware, Spyware,
Trojan Horse, Viruses, and Worms.
* Ransomware - Ransomware is
malware that affects your computer
by encrypting your files, with the
attacker than demanding a ransom
before they will restore access
to your data. Ransomware can
take many forms, and has been
known to fool many people. While

your first inclination may be to
pay the ransomware demanded,
payment does not guarantee that
the attacker will ever restore access
to your data files.
* Phishing - Another tactic used
by attackers is phishing. Phishing
accomplishes one of two things;
it provides access to sensitive
data stored on your computer,
or it downloads malware, which
can lead to a ransomware attack.
Phishing uses very credible looking
emails in the attack, with the email
designed to trick you into clicking
on a link or downloading an attachment. The problem is once you do,
the attackers now have control
of your data. Highly profitable for
hackers, there are phishing kits
available for purchase on the dark
web. Needless to say, phishing is not
going away anytime soon.
* Eavesdropping attacks - Because
of the amount of sensitive data
routinely shared between CPA firms
and clients, firms can be particularly vulnerable to eavesdropping
attacks. An eavesdropping attack
involves the theft of data by a third
party as the data is being shared
between two other parties. For
example, if your client is sharing
tax documents with you, the third
party intercepts the data as it's
being transmitted. Eavesdropping
happens on an unsecured network,
and frequently happens when using
public wi-fi, but attacks can happen
anywhere if network security isn't
up to par.

If you're using a cloud-based
application, you may assume
that your software provider has
the necessary security measures
in place, so there's no need to be
concerned. But it's important to
remember that even if your cloud
provider guarantees protection
against malware or other data
breaches, your firm is ultimately
responsible for safeguarding your
client's data.
The following are a few of the
things that any cloud-computing
provider should have in place.
Make sure that yours has the
following.
FIREWALLS - Firewalls ser ve as a
b a r r ie r b et w e e n
your network and
t he public. At it s
most basic, a firewall
should monitor all network traffic.
There are a variety of firewalls that
should be employed by your cloud
provider including a perimeter firewall
that provides additional security as
well as an internal firewall that is
designed to keep applications and
databases separated.
DATA ENCRYPTION
- Data encryption is
a necessity, for both
stored data as well
as transmitted data.
Because encrypted
data is encoded, it prevents unauthorized users from accessing and using
the data in some form.

MARCH 2021 ■

PHYSICAL SECURITY
- Data stored on servers should always be
protected. Using Tier
IV data centers helps
keep data safe by
providing armed security that patrol
the property around the clock, along
with controlled, secure access to the
building at all times. 24/7 monitoring
using closed circuit TV should also be
part of the security offered by your
cloud provider.
M ULTIPLE SERVERS - Two is always
b et t e r t ha n one,
at l e a s t w h e n i t
comes to ser ver s
that store data. By
using multiple servers in multiple
locations, your data is safeguarded
against atypical disasters such as fires,
floods, hurricanes, and other natural
disasters. For example, if the data
center storing your data is destroyed
in Florida, it won't matter because your
data is also stored on servers located
in Colorado.
Cloud applications can make
your life so much easier. But you
also need to ensure that the provider you're entrusting with your
customer's data can keep it safe
and secure. ■
Mary Girsch-Bock is a freelance
writer specializing in business
and technology issues and is the
author of her first book, several
HR handbooks, training manuals, and other in-house publications. She can be reached at
mary.girschbock@cpapracticeadvisor.com

www.CPAPracticeAdvisor.com

5
http://www.CPAPracticeAdvisor.com
march2021

Table of Contents for the Digital Edition of march2021
