Cybersecurity, at the end of the day, boils down to trust. No matter how valuable the services you provide, if you can’t keep your clients’ data safe, they aren’t going to trust you with their business. So it’s paramount for CPA firms to take measures to keep client data secure.
The importance of trust extends to organizations CPAs belong to, such as the VSCPA. Here’s how we’re safeguarding your data:
This time of year brings a steady stream of visitors to the CPA Center. We use a state-of-the-art Wi-Fi network that keeps guest Wi-Fi traffic isolated from our internal network. Users must actively agree to and acknowledge rules of behavior prior to being permitted to use our guest Wi-Fi access to the Internet.
In addition, devices not owned by VSCPA cannot connect to our internal Wi-Fi network, and those connected to public Wi-Fi can’t access the VSCPA’s internal network. When staff work off-site, all data is encrypted "in transit."
The VSCPA utilizes two deep packet inspection firewalls for perimeter defense and intrusion prevention. The firewalls block all access not specifically necessary for Society business. Strict control over third-party access is maintained through whitelisting policies.
VSCPA staff have rights to network data based on their role. Directories containing financial, ethical, human resource, peer review and the website are especially guarded, with administrator access being tightly restricted.
Software is updated with patches that have passed regression testing and regular scans for critical threats and malware are performed. Additionally, VSCPA.com and our email servers both encrypt data via HTTPS.
We also own domains similar to VSCPA.com to eliminate the possibility of a copycat website aimed at stealing information. If you try to access VSCPA.org or VSCPA.net, you’ll be sent to our website, under our control, with all the protections detailed above.
You can’t leak what you don’t know
The VSCPA worked diligently to develop a single sign-on system (SSO) for the VSCPA and vendor websites. These include the VSCPA’s Connect vendor, Higher Logic, and our online CPE partners. When users sign into these sites through SSO, they are validated by a temporary, encrypted token.
In other words, our vendors don’t know or store user passwords. They don’t even handle them.
Beyond all those methods, we’re always looking to make our operations even more secure. Staff receive training on recognizing suspicious emails aimed at opening a door into our network and on best practice password methodologies. We hold our vendors to the same standards we follow and require them to send security reports regularly. Thanks for trusting us with your information!