
A Question of Need vs. Security
The accounting industry is facing a full-blown workforce crisis. Between unfolding circumstances and new demands, accounting firms are known as an easy target for bad actors. The new demands for remote work are making it worse.
70% of CPAs are close to retirement age
Fewer CPAs are entering the profession
Younger workers expect flexibility (hours, location, work, etc.)
The flexibility creates a NEW client privacy dilemma
How do you protect sensitive financial and client data outside the firm’s walls, in remote environments?
The Foundation Every CPA Firm Should Be Building
Remote work can strengthen a firm’s talent strategy, but only if it’s built on a secure and compliant foundation. CPAs handle some of the most sensitive information in business—tax returns, payroll data, and financial records.
This makes them prime targets for cyberattacks. Without strong security protocols, one unsecured laptop or phishing email can compromise an entire firm.
The solution begins with a modern cloud infrastructure. Cloud-based accounting and document management systems allow employees to work securely from anywhere while ensuring data never permanently resides on personal devices.
This includes a cloud storage protocol that uses AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit, protecting information as it moves between users and systems.
Tech, Humans and Complacency
A story in Auditing Accounting describes how a phishing expedition got past the tech and arrived in the inbox of the CEO’s assistant.
The CEO was requesting an immediate transfer of $737,000.
There was nothing unusual about the request, but she did pause just before “send” to look again at the email. Everything was spot on… EXCEPT for the “.co” instead of “.com” at the end of the CEO’s email address.
With the best of technical security and systems under continual monitoring, many employees can get complacent rather than deciding to do a second check like this.
“The Office” provides a structure, even encouraging a set of rules or policies just through being present. Being outside of that environment can easily lead to complacency. Being outside the office, perhaps in the middle of nowhere, can seem safe. And feeling safe makes the rules easier to ignore.
Cyber-criminals bet on this, and more often than not, find the easiest entry points among a remote workforce.
It’s Time for Zero Trust: Never Trust – Always Verify
A Zero Trust security model means “never trust, always verify.” Every login attempt must be authenticated and authorized, regardless of location or device. Firms can enforce this through:
Multi-Factor Authentication (MFA): Adds an extra layer beyond passwords.
Single Sign-On (SSO): Simplifies secure access to multiple systems.
Role-Based Access Controls (RBAC): Limits data visibility to job-relevant users.
Devices used for remote work should be managed and secured with endpoint encryption and mobile device management (MDM).
These enforce security policies such as automatic updates and screen locks, and allow remote data wipes if a device is lost or stolen.
Be Remote Work Ready
Offering remote work isn’t just an employee perk—it’s a business imperative.
Firms that embrace flexible, secure digital operations will not only attract top accounting talent but also safeguard their clients’ trust and data. The future CPA firm is cloud-enabled, security-focused, regularly trained, and built for wherever work happens.
To help you stay compliant, we have created the IT Compliance Checklist for CPAs. This is the comprehensive checklist you need to identify issues, fix them, and build compliance BEFORE your next audit.
If you have any questions or need further explanation, this checklist comes with a 30-minute consult to personalize it to your firm.
STAYING COMPLIANT - IT Compliance Checklist for CPAs

Nerdworks Services, LLC specializes in helping accounting firms and other compliance-driven companies navigate remote work's complexities while maintaining compliance and supervision standards through collaborative consulting, infrastructure design, IT management, training, and ongoing support.
Nerdworks Services, LLC | 1901 Central Drive, Suite 401, Bedford, Texas 76021 | 682-324-9360 | website: https://nerdworks.services/

