Outsource Some Security Functions

Annual staff training is a must-have.

By Roman H. Kepczyk
Quantum of Paperless

Going paperless means that all firm files and client data will be digitally stored on the firm’s network, which is almost always accessible to firm personnel via internal workstations and remotely via the Internet.

MORE ON TECH SPENDING: Use Collaboration Technology to Improve Your Firm | Mandate Training Programs, Accountability | Portals are Vital for Secure File Transfer | Deliver All Reports Digitally | How Audit Field Equipment Has Changed | How and Why to Establish Firm Procedures Manuals | Devil's in the Details of Digital File Delivery |
GoProCPA.comExclusively for PRO Members. Log in here or upgrade to PRO today.

The firm has a fiduciary responsibility to protect this data from anyone not specifically authorized to view it.

Proper security is VERY difficult for any internal network administrator to guarantee as few have the experience and have participated in ongoing training to implement security settings optimally the first time. Therefore, all “one-shot” implementations of firewalls, WiFi routers, virtual private networks and other security settings should be outsourced to an organization that has experienced personnel dedicated to security.

In many cases, these providers can also deliver ongoing monitoring and maintenance of the firm’s firewall and Internet connectivity, and provide security guidance and personnel training. We recommend all firms conduct annual security training for all staff on today’s most common cybersecurity threats including phishing, ransomware and social engineering, which can put the firm at risk.

The firm’s security infrastructure can then be verified by an independent security consultant every few years, or whenever a major change in the firm’s network infrastructure takes place. If there is not a security consultant locally, three vendors with accounting firm experience in North America are Arxis Technology (ArxisTechnology.com), McMillen Group (McMillenGroup.com) and Xcentric (Xcentric.com).


  1. Have an independent security consultant/network integrator review firewall, antivirus, spam and physical security at least every three years or whenever a major change is made to the firm’s infrastructure.
  2. Mandate annual cybersecurity training for all firm personnel.

Leave a Reply