Accounting firm security: What to focus on for 2025

Security champion Molly Gallaher Boddy shares the components of a solid security strategy for accounting firms to focus on for the future.

minute read

Last Updated June 27, 2024

Category Cybersecurity

A group of employees stand smiling at each other. One in the middle holds a tablet to show what he learned about security for accounting firms.


In May, several of the Rightworks team traveled to sunny, southern Austin, Texas, to hold the company’s first-ever user conference, RightNOW. Our technology customers, Rightworks Academy members and vendor partners joined us for this educational and community-connecting event, where we discussed the latest trends impacting the accounting profession with strategies for how firms can respond.  

With an all-star speaker lineup of thought leaders, influencers and industry experts, the event was packed with sessions, panels and dialogue around the latest topics affecting firms and their clients. And concerns about accounting firm security were a big part of the conversations.  

I had the opportunity to present our “2024 Tech Talk” with well-known and respected security thought leader Roman Kepczyk. I also had the privilege of participating in a panel session titled “Invest, investigate and ignore.” Both sessions received an enthusiastic response from attendees. That being the case, I’d like to share a few key takeaways that firms need to be thinking about when it comes to securing their firms. 

Photo of Rightworks Product Marketing Manager Molly Gallaher Boddy as she presents at the 2024 RightNOW conference.
Rightworks Senior Product Marketing Manager Molly Gallaher Boddy talks about the components of an accounting firm’s security strategy at RightNOW 2024.

It starts with the cloud

The managed cloud provides firms with a comprehensive and secure way to access their tools and applications—anywhere and at any time. And we talk a lot about this at Rightworks because it offers immense value to firms. Part of that value extends to maintaining consistent access within a secure environment amidst an ever-changing application landscape. 

One of the things I stress to accounting and tax professionals is the importance of protecting their SaaS applications in the same way they protect their desktop applications. And I talked about this in length at RightNOW. Here are the “CliffsNotes®” from that discussion: 

  • Have a single place where every member of your firm logs in every day to access all your firm’s applications. 
  • Have a comprehensive backup plan for application data that extends to cloud-based applications. 
  • Evaluate application sprawl across your firm, including individual users.

It requires a plan

An image with a bulleted summarized list of how a complete WISP supports an accounting firm's security goals. These components are outlined in the article as well.

As you know, all firms that have PTINs must have a WISP (Written Information Security Plan). Roman and I spoke in detail about this in our session. As the Product Marketing Manager for our Total Security and WISP products, I was excited to have the opportunity for these discussions about security plans because we launched both products during the event. We talked about how important it is for firms to move beyond compliance with the IRS to ensure their WISP supports their larger security goals. For example, a complete WISP can: 

  • Reflect the reality of your firm’s security.
  • Foster a firm-wide security-conscious culture that involves all staff.
  • Help you maintain constant evaluation, scrutiny and review of your security measures.
  • Contain clear guidelines for using emerging technology like AI.
  • Demonstrate your firm’s approach and commitment to security procedures for clients. 

Diligence is key 

An image with the following pull quote from the article: When it comes to accounting firm security, your approach can't be static. And you can't aim for 'good enough.' You have to look across industries and professions and take active measures to apply best practices.

Security can be intimidating and complex. So, we took time to outline for firms the active measures they can take to simplify the topic while still elevating their overall security strategy and posture. In other words, steps they can take to protect data and remain diligent and prepared to face constantly evolving security threats. If you’ve met me, you know I’m passionate about this, and I love to educate on this topic. But I’ll try to give you the short version of what we covered: 

  • When it comes to accounting firm security, you can’t take a static approach. And you can’t aim for ‘good enough.’ You need to look across industries and professions and take active measures to apply best practices.
  • Have a comprehensive definition of security that includes not just your staff, but your clients as well. You may not be comfortable with this responsibility. But the reality is you house shared client data, and your clients trust you to keep their data secure.
  • Consider ways to expand your advisory services by offering key clients secure application access and related services. In other words, use security to foster deeper client conversations and relationships.
  • Expand your definition of network or surface area. Your firm’s attack vectors are constantly expanding, so you need to be vigilant and informed about the numerous ways your data might be at risk. 

Accounting security: Firms shouldn’t go it alone 

The topic of security won’t lessen in importance anytime soon. And our team at Rightworks is working hard to produce ongoing, meaningful security guidance for you. 

If you want to learn more about my approach to building security services for your accounting firm from a product perspective, I’d love for you to watch my recent WISP webinar. It’s a great first step in the right direction. And hopefully, we’ll get a chance to connect in person to discuss 2025’s biggest security topics at next year’s RightNOW conference! 

Until then, stay up to date about the latest trends in accounting firm security by subscribing to our blog below. 

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.