Along with managing your CPA practice comes the task of ensuring that your technology is positioned to minimize risk, create efficiencies for your staff, and keep you on the leading edge. To help you identify whether you have any exposures with your IT staff, platform, or operations, ponder our list of top-10 questions that should be posed to your IT manager. If, along the way, you get a response that concerns you, there may be reason to dig in a bit further. IT may not be fun to you, but it’s certainly one of the more critical foundational components of your firm’s success.
1. WHEN IS THE LAST TIME OUR FIREWALL FIRMWARE WAS UPDATED?
Firewalls are simply dedicated computers that perform a specific job, which is to protect the firm from outside attack via the Internet. Much like your other computers, firewalls need regular attention — they too must be upgraded to keep up with the newest exploits. If your firm’s firewall has not been updated in the last 30 days, you may have a problem. Just ask your IT manager when the firewall was last updated and how often it’s done.
2. HOW OFTEN IS THE FIRM’S NETWORK ATTACKED FROM THE INTERNET?
Alongside the firewall, many firms are using a technology called an Intrusion Detection System (IDS) to actively monitor and thwart external threats. A typical firewall’s job is limited to blocking, rather than reporting. IDS can send reports automatically when threats have been detected. Make sure that your IT manager has this capability. With security, it’s often what we don’t (or can’t) see that hurts us.
3. HOW MANY SECURITY UPDATES ARE MISSING ON OUR SERVERS AND PCs?
Microsoft works hard to resolve vulnerabilities in their software. Along with finding and fixing vulnerabilities, they also publish details of the exposure, brilliantly creating a checklist for any hacker to use. Your computers are the gateway to your client data files and could pose the greatest risk of exposing client data to the outside world. With hundreds of security updates being released by Microsoft every year, using an automated system is the only way to keep up — especially if you have more than a handful of computers. Ask your IT manager to provide a list of missing updates, specifically per server, per desktop, and per laptop. Hopefully they have this at their fingertips and won’t have to sit at every machine to figure it out.
4. CAN YOU PROVE THAT OUR BACKUP IS WORKING? (AND IS IT TAKEN OFFSITE EVERY NIGHT?)
Office fire? Flood? Theft? Whew… not fun to think about. Your firm’s most valuable asset, aside from people, is your client data. It’s all too easy to expect that the backup is running, but how can you know whether the backup was truly successful? And what good is it if the backup was successful, but wasn’t taken offsite? Ask to review your IT manager’s backup strategy document (notice we said ‘document’ — it should be documented) and have them show you proof that the backups are successful. Ask them to explain where and how the data is stored offsite. Is there any risk created by the location where the tapes are stored? How are they transported?
If you don’t like what you find out, check into online backup, a technology that solves most of these concerns.