firm security needs an independent review

who needs cybersecurity training? your whole staff.

by roman h. kepczyk
quantum of paperless

going “paperless” means that all firm files and client data will be digitally stored on the firm’s network, which is almost always accessible to firm personnel via internal workstations and remotely via the internet.

more: survey: digital audit confirmations not the norm | training that works | survey: 61% of auditors commonly use data extraction tools | survey: firms divided on esignatures
exclusively for pro members. log in here or 2022世界杯足球排名 today.

the firm has a fiduciary responsibility to protect this data from anyone not specifically authorized to view it. proper security is very difficult for any internal network administrator to guarantee as few have the experience and have participated in ongoing training to implement security settings optimally the first time.

therefore, all “one-shot” implementations of firewalls, wifi routers, virtual private networks and other security settings should be outsourced to an organization that has experienced personnel dedicated to security. in many cases, these providers can also deliver ongoing monitoring and maintenance of the firm’s firewall, internet connectivity, and provide security guidance and personnel training. we recommend all firms conduct annual security training for all staff on today’s most common cybersecurity threats including phishing, ransomware and social engineering, which can put the firm at risk.

the firm’s security infrastructure can then be verified by an independent security consultant every few years, or whenever a major change in the firm’s network infrastructure takes place. if there is not a security consultant locally, three vendors with accounting firm experience in north america are arxis technology (arxistechnology.com), mcmillen group (mcmillengroup.com) and xcentric (xcentric.com).

recommended actions:

have an independent security consultant/network integrator review firewall, antivirus, spam and physical security at least every three years or whenever a major change is made to the firm’s infrastructure.
mandate annual cybersecurity training for all firm personnel.

posted on january 15, 2019

roman h. kepczyk

about the author

roman h. kepczyk, cpa, serves as director of firm technology strategy for right networks, helping firms throughout north america effectively use information technology and accounting applications by optimizing their tax, audit, and administrative production workflows.

click here for more by roman kepczyk

he is a contributing author to
bridging the gap: strengthening the connection between current and emerging leaders in the cpa profession

he has spent the past 20 years consulting exclusively with cpa firms and prior to that, 10 years with the cpa firm of henry & horne, arizona’s largest regional firm, where he was the partner in charge of the firm’s management advisory services and pc consulting practices. roman also served as the firm’s administrative partner where he oversaw internal accounting, marketing, human resources, and was responsible for the creation and implementation of the firm’s technology plan and budget. he is a former member of the aicpa pcps executive committee and a former chairman of the aicpa’s information technology executive committee. he has served as a member of other aicpa initiatives, including the special committee on enhanced business reporting, ebusiness task force, it best practices, it research, it practices committees, and group of 100 projects. in addition, he is a former chairman of the aicpa top technologies task force. roman was named by inside public accounting as one of the profession’s most recommended consultants for each of the years from 2004 through 2014, cpa practice advisors top 25 thought leaders for 2011 through 2015, and accounting today’s most influential people for the years 2000 through 2005, 2011, 2013 and 2014. roman is also an advisory board member to the association for accounting administration and has served on the board of directors of the arizona society of cpas. on a technical level, roman is an aicpa certified information technology professional (citp) and a certified lean six sigma black belt (lss bb). he authored technology chapters for the ppc map handbook, ppc guide to paperless engagements, and sections of the aicpa map handbook.

click here for more by roman h. kepczyk