CPA Cybersecurity Scorecard - SCACPA Event

Protecting client trust and data integrity is paramount for all CPA Firms. The stakes are even higher when you have more than 15 users.

Unlock Your Scorecard: Get Started

Name:*

Email Address:*

Phone Number:*

CPA Firm Name:*

Number of Employees in Your Firm:*

Rate Your Readiness: Key Security Questions

1. How often is your firm's critical data fully backed up, AND is the restoration process tested?

Daily automated backups, verified & tested at least quarterly.

Daily automated backups, tested annually.

Weekly backups (manual or auto), occasionally tested.

Monthly or less frequent, rarely/never tested.

"Backup"? My computer asks if I want to save to the cloud sometimes...

2. How does your firm manage user passwords and access to sensitive client data?

Enforced strong, unique passwords, MFA on ALL critical systems, & regular access reviews.

Password complexity rules, MFA on some key systems.

Basic password requirements (e.g., minimum length), limited/no MFA.

We trust our team; passwords are simple and sometimes shared for convenience.

My sticky note password system is foolproof!

3. How frequently do your employees receive practical cybersecurity awareness training (e.g., identifying phishing emails, safe browsing)?

Regularly (e.g., quarterly) with phishing simulations & updates on new threats.

Annually, covering essential cybersecurity hygiene.

Upon hiring only, or very sporadically.

We sent an email about it once... I think.

Training? They're CPAs, they're smart enough to avoid scams!

4. If your firm was hit by a major cyberattack (like ransomware) RIGHT NOW, what's the plan?

Documented, TESTED Incident Response Plan; staff know roles & contacts.

We have a basic plan written down, but it’s not been tested recently.

We'd immediately call our IT provider (if we have one) and figure it out.

Step 1: Mild panic. Step 2: Google "what to do ransomware".

Hope it fixes itself? Or maybe pay the ransom quickly?

5. How does your firm manage the software and online tools used for handling client data?

Only approved, vetted, updated software/cloud services used; strict data policies.

Mostly approved software, but some staff use personal cloud storage or unvetted tools for convenience.

We use a mix of older software and various free online tools; updates are inconsistent.

If it helps get the job done, we use it. Not sure about security vetting.

My nephew installed some great free tools he found online!

Next Steps

Would you like a SpartanTec, Inc. cybersecurity specialist to contact you for a brief, no-obligation 15-minute call to discuss your scorecard insights and potential next steps?*

Yes, please contact me.

No, thank you at this time.

Yes, please add me to the SpartanTec, Inc. mailing list for occasional cybersecurity insights and updates relevant to CPA firms.

A representative from SpartanTec, Inc. will be in touch shortly if you requested a follow-up call.

Learn more about SpartanTec, Inc. by Scheduling a Phone Call.

Uncover Hidden Gaps: Test Your Firm's Defenses Now.