Every day, accountants handle sensitive client data such as names, Social Security Numbers, addresses, banking details, tax information, and credit card numbers. If this information is stolen, it could be used for identity theft, fraud, and other crimes. Accountants have a responsibility to protect this data and if they fail to do so, they may face legal lawsuits. Accountants can keep this client data safe from cybercriminals by:

1.     Download a VPN

What is a VPN? A Virtual Private Network encrypts your data by using AES (Advanced Encryption Standard) with 256-bit keys and also known as AES-256. This encryption standard is the same one used by the U.S government and security agents in the world to protect classified data.

A VPN, such as Surfshark or NordVPN, creates a secure tunnel between all your office devices and the internet. The VPN hides your location and your IP address, ensuring any hacker who is spying on your network does not know where you are logging in.

2.     Use Anti-virus and Firewalls

The importance of anti-virus and firewall protection cannot be overlooked. Even if your firm does not have an IT department, you need to ensure that the network hosting the clients’ data is secure. An anti-virus detects most malware, spyware, and viruses.

A firewall allows you to secure the network’s traffic, and although both solutions are not 100% secure, both will greatly reduce the risks of attacks. The combination of several security controls helps to protect your data and resources and running a firewall, anti-virus, and anti-malware increase your data security.

3.     Education

As an independent accountant, you only need to cater to your cyber-threat education. A larger company needs to ensure they offer their employees education on how to detect cyber threats, and what to do when they occur. Most attacks happen when employees open suspicious links in emails or visit sites infected with malware. Training ensures everyone on the team understands the dangers of such malware and how to avoid falling into the traps set by hackers.

4.     Create Unique Passwords

Password training needs to be part of the employee training but as a separate entity. Using easy to guess passwords is often what sells you out to hackers. The rule of thumb when it comes to passwords is that you should make your password easy for you to remember, but difficult for anyone to guess. Passwords that are too obvious such as birth dates, pet names, etc., make hacking easy. Each password in your network’s computers should be unique and hard to guess. Employees need to learn how to incorporate uppercase and lowercase letters, numbers, and symbols in their passwords.

5.     Use a Password Manager

A password manager allows you to store passwords. The password manager is encrypted heavily and needs a master password to gain access to it. The master password is very secure and allows you to get full access to all your passwords.

Password managers use a technique called hashing on their password storage. If the password manager were hacked, the hackers would need a lot of time to decrypt the passwords.

6.     Watch Out for PUAs

PUAs (Potentially Unwanted Applications) include browser extensions, adware, and other software that has additional software piggybacking on it. These PUAs can wreak havoc in your networks. If you have a dedicated IT department, ensure you ask them to ensure that unwelcome software is not installed on your work computers. Ensure you frequently back up your data, and ensure they do not download programs online from torrent sites. Ransomware affects many accountants who tend to install software from unknown sites, and without realizing the consequences.

7.     Have a Mobile Device Policy

Accessing the cloud using a mobile device is one of the easiest ways to access client data while on the move. Mobile devices are not always as secure as a PC in the office, especially if you are accessing the internet using public networks. You have to come up with ways of mitigating cyber risks, either by banning mobile devices for accessing the accounting system or securing any mobile device used for access. Whichever policy you come up with, ensure that everyone follows the policy to the letter.


A cyber breach can have devastating consequences for an accounting firm. Even large firms that can survive losing clients and lawsuits following data breaches might not survive the damage to their reputation. No accountant relishes being sued by clients in the event of a data breach and avoid being hacked and the subsequent consequences are the only thing to do.

Accountants build their businesses on trust and losing that trust has dire consequences. Your clients trust you to ensure their taxes are paid and with their sensitive data. Securing your systems by downloading a VPN, using anti-virus and firewalls, educating employees, unique passwords, are just some of the ways you can protect your systems from cyber-threats.

About the author:
Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe, secure, and censor-free internet. He writes about his dream for a free internet and unravels the horror behind big techs.