Summer Cybersecurity for Accounting Firms
Tax season is over. Summer is a relatively quiet time for accounting firms. Staff catch their breath after the April rush.
This is the perfect time to address cybersecurity. Strengthen defenses before the next tax season brings stress and distraction.
Why Summer Matters for Security
Time Available
Staff have bandwidth for security projects during summer. Tax season leaves no time for anything beyond completing returns.
Less Stressful Implementation
Security changes during tax season create stress and resistance. Summer implementation allows proper training and adjustment.
Preparation for Next Season
Security measures implemented in summer are established and working smoothly by next January.
Summer Security Projects
Project 1: Implement Multi-Factor Authentication
If you don't have MFA on all accounts, summer is the time to implement it.
Where to Implement
- Email (Office 365, Google Workspace)
- Tax preparation software
- Practice management software
- Client portals
- Banking and financial accounts
- VPN and remote access
Implementation Timeline
June: IT staff and partners
July: All staff
August: Test and refine, fix any issues before fall
Project 2: Security Awareness Training
Summer is ideal for comprehensive security training.
Training Topics
- Phishing recognition (especially tax-themed phishing)
- Password security and password manager use
- Client data handling
- Physical security
- Reporting suspicious activity
Format
Mix of online training modules and in-person sessions. Simulated phishing tests to reinforce training.
Project 3: Vendor Security Assessment
Review security of vendors you depend on.
Critical Vendors to Assess
- Tax preparation software
- Practice management software
- Client portal providers
- Cloud backup services
- Email providers
What to Request
- Updated SOC 2 reports
- Security questionnaire responses
- Verification of Business Associate Agreements (if handling client data)
- Breach notification procedures
Project 4: Backup Testing and Verification
Summer is the perfect time to thoroughly test backups.
Testing Procedures
- Restore sample files and verify integrity
- Test full system restore if possible
- Document restore procedures
- Time the restoration process
- Verify offsite/cloud backups work
Improvements
If testing reveals problems, summer provides time to fix them before they're critical.
Project 5: Password Manager Implementation
If staff aren't using password managers, summer is the time to implement one.
Selection
1Password, Bitwarden, or LastPass for teams. Consider which integrates best with existing systems.
Rollout
June: Select password manager and set up for IT/partners
July: Roll out to all staff with training
August-September: Gradually replace weak passwords with strong unique passwords
Project 6: Client Portal Security Review
If you use client portals for secure document exchange, review security configuration.
Configuration Check
- Is MFA enabled for client access?
- Are passwords required to be strong?
- Is data encrypted in transit and at rest?
- Are access logs being reviewed?
- Do clients have appropriate access restrictions?
Project 7: Security Policy Documentation
If you don't have written security policies, summer is the time to create them.
Policies to Document
- Acceptable use of technology
- Password requirements
- Client data handling procedures
- Incident response procedures
- Vendor security requirements
- Remote work security
Project 8: Endpoint Protection Upgrade
If you are still using basic antivirus, summer is the time to upgrade to endpoint detection and response (EDR).
Why EDR
Traditional antivirus catches only known malware. EDR detects ransomware and other threats based on behavior.
This is critical for accounting firms handling valuable financial data.
Options
Microsoft Defender for Endpoint, CrowdStrike, SentinelOne, Sophos Intercept X.
Project 9: Email Security Enhancement
Review and enhance email security before the fall busy season.
Enhancements
- Advanced email filtering and attachment scanning
- Link protection that rewrites suspicious URLs
- Impersonation protection that catches fake executive emails
- DMARC, SPF, and DKIM configuration to prevent spoofing
Project 10: Access Control Audit
Review who has access to what and remove unnecessary access.
What to Audit
- Administrative privileges (who has admin access?)
- Client data access (does everyone need access to all client data?)
- Financial system access
- Remote access permissions
Principle
Least privilege. Users should have the minimum access necessary for their roles.
Prioritizing Projects
You can't do everything simultaneously. Prioritize based on your current security posture:
High Priority
- MFA implementation
- Backup testing
- Security awareness training
These provide the most security improvement for the effort.
Medium Priority
- Password manager implementation
- Vendor security assessment
- EDR upgrade
Lower Priority
- Policy documentation (important but less urgent)
- Email security enhancements (valuable but not critical if basic security exists)
Summer Timeline
June
Plan summer security projects. Select priorities. Assign responsibilities. Begin MFA and password manager implementation for IT staff.
July
Roll out MFA and password managers to all staff. Conduct security awareness training. Begin vendor assessments.
August
Complete backup testing. Finish vendor assessments. Refine MFA and password manager implementations based on feedback.
September
Final preparations before fall. Ensure all summer security projects are stable and working well.
Staff Buy-In
Explain Why
Help staff understand why security matters. Accounting firms are targets. Client data must be protected.
Emphasize Convenience
Password managers are more convenient than remembering dozens of passwords. MFA prevents having to deal with compromised accounts.
Provide Good Training
Clear instructions, hands-on support, patience with those less comfortable with technology.
Budget Considerations
Summer Budget
Use summer to secure budget for security investments. Budgets are easier to approve when the firm is not in the middle of a tax season crisis.
ROI
Calculate return on security investment: cost of breach vs. cost of prevention. Security is much cheaper than recovery.
Preparation for Tax Season
Summer security work pays off during tax season:
- MFA prevents account takeover during high-stress season
- Security awareness training helps staff recognize tax-themed phishing
- Tested backups provide confidence if something goes wrong
- EDR catches ransomware before it encrypts tax returns
- Password managers reduce forgotten password frustration
Our Services
At Robell Technologies, we help accounting firms implement summer security projects:
- MFA implementation and training
- Password manager deployment
- Security awareness training programs
- Backup testing and verification
- Vendor security assessments
- EDR implementation
- Policy development
Ten years serving Arizona accounting firms means understanding both the technology and the operational realities of accounting practice.
If you need help planning and implementing summer security projects, we can help.
This Summer
Use the quiet summer months to strengthen security. Projects implemented now will protect you through next tax season and beyond.
Don't wait until January to think about security. By then, you're too busy to implement improvements properly.
Summer 2021: strengthen defenses, train staff, test systems. Be ready for whatever tax season 2022 brings.