Cybersecurity for CPAs: Protect your clients and yourself

By Daniel P. Vargo
Daniel P. Vargo & Associates
Updated 5/20/2021 10:55 AM

Cybersecurity is a serious 24/7 issue for Certified Public Accountants' clients, family, friends, employees, employers -- everyone. Cybersecurity breaches are a real threat costing billions of dollars a year, according to various federal agencies.

As the demands of the American economy have increased with computerization and globalization over the years, so have the responsibilities and services of CPAs. CPAs are trained to provide financial reporting, auditing, tax, management consulting, financial planning and many other valuable services to various types of businesses, nonprofit organizations and individuals. CPAs and other paid preparers assist clients by informing them, assessing risk and protecting client information and data.


Along with CPAs' knowledge of confidential information, business owners and individuals understand the value and vital role CPAs provide, especially with an awareness of cybersecurity issues.

Protecting taxpayer information is the law, according to the Federal Trade Commission. The FTC requires security plans to protect client information. In addition, the IRS Taxpayer Bill of Rights says taxpayers have a fundamental right to confidentiality. Tax professionals cannot share or use tax information for any reason other than preparing a return.

Privacy and security are of the utmost importance. Today, cybersecurity protection planning must be part of your daily digital life.

Cybersecurity systems should include anti-virus and anti-spyware software, firewalls, two-factor authentication, encryption for all sensitive files, backup software, enforced strong password policy, and virtual private networks when working remotely. Firms should monitor and restrict user access and use reputable updated cloud resources.

Password rotation and management are critical aspects of cybersecurity. The best defense is to use strong, long passwords and change them at least four times a year.


Most importantly, employees must be educated, aware and vigilant. Staff should avoid unnecessary internet searches on company equipment and networks. The firm should engage competent IT professionals. Perhaps most importantly, use written engagement letters.

Ultimately, human error is the biggest risk. Security controls must be shared and discussed with everyone. Most important, always back up your files and data and periodically test your backup systems. Finally, consider using a comprehensive security firm to protect you from viruses and online security theft.

As you evaluate your cybersecurity plan, these resources may help:

• Small Business Administration, for starting and managing a cybersecurity plan.

• Cybersecurity Guide provides strategies and guides for small businesses.

• AICPA Cybersecurity Resource Center is a great resource for CPA cybersecurity.

• CNA Risk Solution has valuable information on cybersecurity insurance coverage.

• Internal Revenue Service, specifically to obtain the six-digit IRS Identity Protection PIN.

This additional, encouraged identification number complements your Social Security number to enhance your identity protection and prevent someone else from filing a tax return using your Social Security number. Anyone can apply for this identity protection number with IRS Form 14039.

• Daniel P. Vargo, CPA is the founder of Daniel P. Vargo & Associates in Warrenville.
