IT security for accounting practices

If you are looking for a higher level of IT security for your accounting practice, here are some areas to consider.

Your email and software

• Two-factor authentications (How to setup for all online accounts).
• Ransomware and advanced threat protection.
• Remote wiping of devices that host company data.
• Restrict copying and saving of data to confidential files.
• No Copy and Do Not Forward rights management so documents are emailed offsite.
• Spam Filtering (large well-known hosts are better at this simply because more mail has gone through their machine learning servers).
• Policies to lock down PCs remotely with one click.
• Force PCs to install Windows updates to ensure they are protected against bugs.
• Ensure operating systems such as Windows have active and up to date firewall and malware protection. In the case of windows, this simply means turning on the standard windows firewall and windows defender applications.

Your domain and website

• Two-factor authentication.
• Dual daily backups (cloud and offline).
• File recovery.
• Endpoint firewall and malware scanner.
• Password manager.
• Leaked password protection.
• Live traffic monitoring.
• Country blocking.
• Reputation and domain health (check with Mxtoolbox).
• SSL/TLS certificates.
• Domain privacy such as WHOIS Privacy.
• Spam protection.
• Dedicated IP address.

What to avoid

If a so-called IT security company wants to do the following:

• Request a service account from your host.
• Forward all password reset emails to a single mailbox.
• Ask you to send passwords over email.

Or has the following:

• A server located outside the country you are in (check their website with Host Checker).
• Shares an IP address with other sites.
• Unsafe browsing (Google transparency report).
• Domain health errors (check with Mxtoolbox).

Stay tuned. We will elaborate on each of these points in coming posts.