Securing Today’s Accounting Workflows in the Cloud

COVID changed accounting workflows forever. Virtually overnight, firms were forced to adopt remote access technology at a pace never seen before.

In their haste, firms jumped on whatever technologies were available to them based on:

• What they understood about remote technologies at that time.
• What their technical resources were advising them to do.

While all firms had to transition to a new normal, the breadth of solutions and end results were remarkably different. Firms already in the cloud had it easier; firms that were highly manual had to fast-track digital adoption. 

Accounting firms needed to retrofit nearly every workflow…and fast. Whether it was entering client documents, video collaboration or adopting digital payment systems—their focus was simply to get the work done.

Unfortunately, security wasn’t always considered in the rush to transition accounting workflows. There was simply no time for traditional due diligence.  

And just like a few years ago, we’re all beginning to feel another significant evolution: artificial intelligence (AI). AI has permeated just about everything and will be further evolving our accounting workflows.

And like déjà vu, the question will again be: How could this change impact my firm’s security?

Why Is This Happening? Why Now?

Prior to the pandemic, there was a significant convergence of technologies (often referred to as the fourth industrial revolution).

Computing horsepower and data storage became incredibly cheap and accessible to much of the world via the internet. This created an entirely new information infrastructure and economy “in the cloud.”

Then, the pandemic forced people to work remotely, accelerating the adoption of remote access tools. This fundamentally changed how accounting firms worked, leading to a continual stream of new process adoption.  

These changes also created an environment where technological evolution could expand even faster for all organizations. It introduced more “best of breed” applications rather than integrated suites (think: Microsoft Office 365.) All of this is being further accelerated with AI.

Risky Business: Guess Who’s Noticed the Rapid Evolution of Accounting Workflows?

Accountants aren’t the only ones who took notice of this rapid and sometimes careless workflow evolution and application adoption.

Cyberhackers have noticed. In particular, they’re targeting medical, legal, government and financial organizations for their vast amounts of personally identifiable information (PII). Compromised PII can be monetized via ransomware, extortion or by simply selling the data on the dark web.

To no one’s surprise, accounting firms are being targeted for their PII. While there is an assumption that small firms aren’t being targeted, criminal organizations are using automated tools to go after any vulnerability at any-sized firm.

Cyber attackers are looking for vulnerabilities everywhere, checking:

• Firms’ servers
• WiFi routers
• Mobile devices
• Individual applications
• Operating systems
• Web browsers
• Security applications (yes—even the security apps you use to try and protect yourself.)

In essence, any piece of hardware or application not being actively monitored and updated is a potential target. Every size firm—from sole practitioner up to the Big Four—is a target.

Securing your data and your accounting workflows has never been more critical. And the reality today is that it is mandatory… 

Accounting Firm Security Requirements

Any firm that electronically files a tax return is required to secure its data.

In addition to adhering to the IRS Security Six, accountants are required to: 

• Attend security and phishing training.
• Have a written information security plan.

The IRS Security Six requirements include:

• Antivirus
• Firewalls
• Two-factor authentication
• Backups
• Encryption
• VPN

Learn more about the IRS Security Six on irs.gov or by reading our post on how to go above and beyond their guidelines.

Most often, cybersecurity requirements are outside the knowledge and expertise of accountants. Their primary focus is keeping up with servicing their day-to-day clients (as it should be.)

With such rapid changes, it’s becoming more and more difficult for internal firm IT personnel to keep up with the cybersecurity requirements.

Internal IT teams are often understaffed and too busy meeting the day-to-day support needs…leaving security as an afterthought. With threats evolving so rapidly, keeping up with them—and figuring out how to remediate them—is a full-time job.

The only way to truly stay ahead of threats is by investing in enterprise-class resources. Unfortunately for most firms, the sticker price of these resources is outside their budget.

To help, we recommend partnering with a managed security provider with access to these resources and whose focus is:

• Unburdening accounting firms from managing their own security.
• Driving security into production workflows and client interactions.

If you’d like a closer look at the topics addressed in this article, be sure to watch our webinar: Secure workflows to protect data in and out of the cloud.

During the discussion, Molly Gallaher Boddy and I dive deep into:

• Rapid changes to the accounting profession.
• The future “new normals.”
• Security concerns around those transitions.
• How to keep your firm secure throughout it all.

Watch Secure workflows to protect data in and out of the cloud today.

Recommended next

FTC Safeguards Rule: What You Need to Know and How to Prepare