4 min read

3 things you can do now to reinforce your firm’s cybersecurity

System breaches, firewalls, and green text on black screens. Hollywood’s idea of what it means to be hacked can be so over the top and exaggerated that you can’t possibly take it seriously. But when you read the actual stats, cybersecurity proves to be a real threat—and not just for the big corporations.


In 2021, there were over 4,000 publicly disclosed security breaches. As a result, more than 22 billion records were exposed. Experts predict that 2022 will exceed the 2021 breach count by as much as 5%.

We think that hackers are going to go after the big fish like banks or other financial institutions stacked with customer data and personal information. But in reality, hackers target smaller businesses because they don’t have the resources to build up their defenses.

Fortunately, so much of the software and online tools we use today have extra security options that can be activated with as little of a flick of a (digital) switch.


Why cybersecurity matters

We know that, for accountants and CPAs, cybersecurity attacks are happening at an increasing rate, but what does it mean for your operations? And why should you invest time and effort into enhancing your cybersecurity?

There are a lot of reasons cybersecurity is important, from the very real costs of an attack to the positive perception of taking care of data. Taking control of your cybersecurity can save you damages down the line, but also be a selling point of your services to prospects.

A security breach is costly


It’s just one security breach, how much could it cost? Ten dollars?

The 2022 annual Cost of a Data Breach report done by IBM and Ponemon Institute looked at 550 real breaches and found the average cost of a data breach is $4.35 million. This cost has climbed 12.7% from $3.86 million in the 2020 report. The calculation of the cost looks at a combination of lost business, response actions, notification actions, and tracking the attack from initial detection.

Your operations likely aren’t big enough for an attack to rack up multimillion dollar bills, but these numbers tell a story: the cost of responding to an attack is widespread across multiple parts of your operations. In some cases, you might even need to temporarily shut down to take action.

If you are a victim of a cybersecurity attack, you essentially need to put your work on hold as you rebuild your data storage from scratch, notify clients, and hire somebody to understand what exactly happened and prevent it from happening again. This can heavily disrupt cash flow as you won’t be able to put your usual time into revenue generating activity.

Getting hacked hurts your image

Cybersecurity attacks have become some of the biggest news stories in the last few years. The reported damages are high and it becomes a topic of interest and fear for those who aren’t tech savvy.

Even if your attack isn’t discussed on nationwide news, the story can spread in the circles of your ideal clients and competitors alike. This mark on your firm can scare prospects away before you even have a chance to interact with them.

Once you’re a victim of a cybersecurity attack, you have a massive red flag that will sway people to your competitors. After all, if you aren’t investing in your cybersecurity, people will wonder what else you could be doing that’s not in the best interest of your clients.

Customers care about their data

Your accounting firm holds so much high-value information for your clients. From the actual financial activity itself, to personal information and potentially even banking information, there’s more than enough data a hacker can pull to jeopardize the financial safety of your clients.

The truth is 91% of consumers are concerned about online security threats, and the more valuable the data you hold, the more that will impact someone’s spending choices.


3 quick ways to improve your cybersecurity

Upping your cybersecurity game doesn’t need to be costly. The tech companies that make the software you use every day care about cybersecurity as well, and they’d love it if all their users used the options available to them.

We’ve compiled 3 of the simplest, easiest ways to increase your cybersecurity right now.


Enable 2FA when available

What it is: 2FA, or “two factor authentication,” is essentially a second layer of security when logging into an account. Rather than be granted immediate access via a username and password, you will be prompted for a code sent via phone, email, or other method to confirm it’s really you logging in.

How it helps: If somebody gets a hold of your login information, they won’t be able to access your account without access to your 2FA. For example, if your 2FA is a code sent via text message, they would need your phone to access your account.

How to do it: Most of the time you’ll get a prompt asking you to activate 2FA when you log in to your account. Otherwise, you’ll need to navigate to your account settings and see if 2FA is available under the security or login settings.

Increase the strength of your passwords


What it is: We often reuse passwords across all of our accounts. This means that if someone finds your password for one account, say your personal Facebook account, they have access to all of your accounts.

How it helps: Ever hear of the infinite monkey theorem? Essentially, it states that having infinite time, a monkey randomly hitting the keys of a typewriter will eventually type any given text. Now think of the same for passwords except instead of monkeys, you’re dealing with intelligent hackers and instead of randomly hitting the keys, they’re doing so methodically. By making your password more random or replacing letters with numbers, the harder it is to guess a password.

How to do it: Switch up your password for every account that you have. Try to include some randomness with capitals, numbers, and other characters to make it especially difficult to guess. If you make your passwords so complicated they’re difficult to memorize, try a password storage solution like 1Password or Google Password Manager.

Use free encrypted data storage

What it is: You can think of encrypted data as the security guard checking credentials at the entrance of a building. Computers can store “encryption keys” which operate the same way as a passport lets you into a country or name tag into a building. It verifies who you are and confirms whether you should be granted permission to view the data.

How it helps: If you’re sending or collecting documents, they can end up in the wrong hands no differently than a letter can be delivered to the wrong house. But if your document is encrypted, that stranger won’t be able to open it up and access all the information that’s held within.

How to do it: Some of the tools you already use might offer free encrypted storage options. For example, Microsoft offers OneDrive and Google Drive features a high level of encryption. With both, you can limit who can access what, but be sure to review with clients who has access to each regularly in case someone who shouldn’t still has access.

Botkeeper’s automated bookkeeping solution takes security seriously, with industry-standard SOC2 Type 2 accreditation, two-factor authentication, and 256-bit encryption for data at rest and data in transit. Want to learn more about securely opening your capacity by automating bookkeeping?


Get Started!