The foundation of Smart Security Management: Your IT infrastructure

*This blog is part of the May 2023 Thought Leader newsletter

If there’s a better time to identify the issues with a firm’s IT infrastructure and security than the throes of tax season, I haven’t found it. Not only does the busiest time of year have a way of showing you what’s working well, but it also shows you the weaknesses of your system…and usually, the latter happens at the most inconvenient times.

In this article, I’m not going to address the security risks associated with running today’s modern accounting firm. You can read all about the latest risks and attacks in both the Rootworks and Right Networks blogs. Instead, because security is one of today’s hottest topics, let’s talk about what you absolutely need to do this year, post-tax season.

Your post-tax season IT infrastructure checklist

The weeks following Tax Day are the ideal time to sit down with your team to review your technology and processes while the good and the bad are still fresh in your mind. The following are my recommendations for building an IT infrastructure that’s both strong and flexible enough to serve as the foundation of your Smart Security Management strategy:

1. Switch to the cloud

Move every application you use, along with all your data, to a secure cloud infrastructure. Make sure your move is professionally managed by an organization you can trust—one with scale, investment and a proven track record.

Here’s what I mean by that:

1. It’s important to select a vendor that has scale. In other words, one that possesses the expertise to keep your data secure, and the support team to react quickly to any question, issue or emergency.
2. Choose a vendor with investment. It’s important to work with a vendor that invests in their solution by hosting all your important applications, whether they’re a unified suite or a combination of applications from various vendors.
3. Search for the vendor with the best uptime track record. You can’t afford to lose functionality at any time of year, but that’s especially critical during busy season.

2. Implement a stringent password management policy.

This requires thought and planning on your part, because password management should never be an afterthought. The tool you select should be from a vendor that has the resources to protect your passwords.

1. Think about passwords in two broad categories. First, passwords for your staff to access applications used by the firm. Second, client passwords—the ones your staff need to access the clients’ financial information.
2. Consider the onboarding and offboarding process. Here’s the reality of our profession today: Staffing is a major concern as employees come and go. Look for a tool that allows for easy, consistent and secure onboarding and offboarding of staff.

Budgetary considerations

For accounting firms, the increase in technology expenses has outpaced all other expenses, save for staffing costs. And while I know all expenses are on the rise, I want you to consider not scrimping on your IT infrastructure.

Why am I so adamant about this? Because when you consider the potentially astronomical cost of downtimes or, worse, a data breach, it makes perfect sense to buy the best you can afford.

Here are two options to consider from a budget perspective:

1. Buy the very best all-inclusive cloud workspace.

This is the premium model, which would allow you to move 100% of your applications to a cloud-based workspace and standardize how your staff accesses all firm applications and data. If you’re going to go big on one item, I urge you to make it this one.

2. Buy a cloud workspace with fewer features.

If your budget just won’t stretch to a premium model, make sure you ask other potential cloud providers plenty of questions about their cloud offerings before you buy, including:

• How well do you understand the unique needs and enhanced security requirements of accounting firms?
• Do you offer multifactor authentication (MFA)?
• Can you work with all of our firm’s applications?
• How do you prevent and respond to security breaches?
• Is support available 24/7/365?
• How do you handle after-hours and emergency support?
• Can we see your planned/unplanned downtime report for the past two years?
• What’s the process to transition our firm and data to the cloud? Will it happen virtually, or do you come onsite to the firm?
• How will we add and delete users?
• What kind of training will we receive?

Another option to consider is working with a managed IT service provider like Right Networks. With an expert team in place, Right Networks monitors, maintains and automatically updates virtually every element of your IT infrastructure. That means you, your team, your devices and your clients’ data will always be protected and accessible.

The bottom line about Smart Security Management

The bottom line is that hosting your applications and data in the cloud provides a much more secure IT ecosystem than a vulnerable combination of email, random staff devices and DIY servers. And your firm isn’t the only one that benefits; you can establish secure portals with each of your clients that allow you to share information in a protected environment for their peace of mind, too.  

To remain competitive and secure in today’s profession, you need the most sophisticated IT and secure infrastructure you can afford as a foundation for your Smart Security Management strategy. It takes just one successful attack to destroy a firm—but it takes just one firm, standing strong with the right defenses, to fight back and keep a firm—and its clients—successful and safe.