When consumers need help managing their finances in their daily lives, they may first seek out a certified public accountant to track their money. CPAs work with a wide variety of clients who all hand over sensitive banking, income and other personal data. These files make CPAs very lucrative targets for hackers, and losing the information during an attack or natural disaster could be very damaging. By creating the perfect backup plan, CPAs can protect themselves and their customers from these threats.
Bridge the GAPP
There are a number of industry standards that have been established to help CPAs secure their systems and ensure that their data is protected. Since CPAs deal in managing financial information and likely accept credit cards for payment, they must adhere to PCI DSS guidelines in safeguarding this data. This could mean leveraging encryption for backups, among other measures.
Besides PCI compliance, CPAs should aim to follow the rules of the Generally Accepted Privacy Principles, set by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. These guidelines outline 10 focus areas, including backup policies, management and access of documents, quality of information and privacy. Criteria under each principle go further in depth to put CPAs on the right path when backing up their data and ensuring that it has the required security. Following GAPP will support CPAs in their effort to protect financial information and survive a potential disaster.
Create a detailed policy
One of the most critical aspects for any business is making a policy that clearly states what that organization is going to do to back up and protect its information. This plan can include formalizing when backups will occur, what will be backed up and who will be executing this strategy. Ideally, your strategy will include the 3-2-1 rule, where you create three backups, using two different media, keeping one off-site.
AccountingWEB noted that the off-site aspect will be key to disaster recovery, especially if your physical site and copies are destroyed or compromised. However, the local copy can be critical for immediate restoration needs since you’ll be able to restore large volumes of data faster than you would from an off-site resource. Both copies have critical parts to play in backup efforts and should be incorporated in CPA recovery strategies.
“Once a disaster occurs, it is often too late to test the restore process on your backup system,” AccountingWEB stated. “Regularly restore sample files from your backups to validate that the restore process works and that it functions according to your expectations.”
CPAs have a number of considerations to make when it comes to protecting client financial information. By following the guidelines set by GAPP and creating a comprehensive backup policy, CPAs will have a better direction for implementing security across their files and ensuring that they have protection in place to prevent their essential data from being compromised.