3 ways to protect your accounting clients’ data

CPACharge — Business Perspective

Hannah Bruno | August/September 2024 Footnote

The IRS has advised CPAs to review all aspects of their data security strategies, including administrative practices, building protection, computer security, staff and information systems. But does this mean you have to immediately become an internet security expert if you want to avoid becoming the next headline or cautionary tale? Absolutely not!

Protecting sensitive data can be simple for CPAs to do. The following steps will help ensure better data protection in your practice and are easy enough that any firm can implement them.

1. Identify your cyber assets

The path to a more secure firm starts with creating a simple document detailing your practice’s IT assets. List all the technology you use at your firm to the best of your knowledge, including:
  • Networking infrastructure.
  • Systems and other hardware.
  • Applications and data.
  • Users.

2. Strengthen your passwords

Office security, from network to personal computer, hinges on password strength. Enhance protection by using a password manager, which secures all passwords under one master passphrase. A passphrase is basically a stronger, more complicated password. Strong passphrases have the following characteristics:
  • Contain both upper and lowercase letters.
  • Have digits and punctuation symbols as well as letters.
  • Contain at least 12 letters, numbers or symbols.
  • Are not a word in any language, slang, dialect or jargon.
  • Are not based on any personal information.

3. Ensure data security and PCI compliance

Every business that accepts credit or debit card payments must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). To become compliant, businesses must complete a Self-Assessment Questionnaire (SAQ) on an annual basis.

The SAQs are based on the 6 standard groups outlined by the PCI DSS (and their sub-requirements), which are:
  1. Build and maintain a secure network: Ensure that your systems have firewalls installed and are regularly updated.
  2. Protect cardholder data no matter what: The best online payment solutions will store and protect sensitive cardholder data for you.
  3. Maintain a vulnerability management program: This simply means using antivirus and anti-malware software and keeping it up to date.
  4. Implement strong access-control measures: This involves limiting access to sensitive cardholder data to only those who need it for business purposes.
  5. Regularly monitor and test networks: This involves documenting who can access what and making sure these practices are working correctly.
  6. Maintain an information security policy: Draft a security policy that outlines how your business uses technology and handles sensitive data.

Establish a reputation clients can trust

CPACharge is the preferred secure solution for CPAs. It offers end-to-end encryption, tokenization and multi-factor authentication to protect client data. By using CPACharge, you prioritize your clients’ confidentiality and demonstrate your firm’s commitment to security.

So why wait? Reach out for a demo today and take the first step toward building a reputation as a trusted, secure firm.

Hannah Bruno is a senior content writer at CPACharge. She is based in Austin, Texas.