Security Measures

Client Portal Security Measures

"Our Client Portal is the Most Secure Client Portal available on the market."

Your data is protected in extremely secure environments. Most Client Portal vendors provide 5 or 6 layers of security. CPA Site Solutions, which hosts our Client Portal, protects you with 14 full layers of security.

1. SAS 70/SSAE 16 Certified Datacenter

Not all datacenters are alike. You don’t want your clients’ data hosted in a low-cost “cheap” datacenter. The best datacenters are both SSAE 16 and SAS 70 Type II certified. That means a specially trained CPA Firm performed an in-depth audit attesting to the fact that the datacenter has sufficient processes, controls, and safeguards to keep your data safe from theft, corruption or mishandling.

Unlike the Type I Certification, which only measures a certain point in time, the Type II Certification measures and evaluates security over time.

The Sarbanes-Oxley Act requires all publicly traded companies to use SSAE 16/SAS 70 Type II Certified datacenters. So you can protect yourself the same way publicly traded companies protect themselves, because all of CPASiteSolutions’ Servers are located in high quality SSAE 16/SAS 70 Type II Certified Datacenters.

The servers are housed in a secure, 24/7, around-the-clock, guarded facility with closed-circuit motion sensitive video surveillance. Physical access to the servers is strictly limited to only authorized datacenter personnel. And all personnel are further restricted by Dual Factor Biometric Authentication Barriers.

2. Encrypted File Storage

Almost all Client Portal providers encrypt the data as it’s transferred to the server. But what they fail to do is encrypt the data when it’s on the server. Since the data spends almost all its time on the server, we feel it’s necessary to store the data in an encrypted format.

If this were easy to do, everyone would be doing it. Storing data in an encrypted format requires a lot of programming from extremely high level security experts. All the encryption and decryption places a heavy load on the server’s processors so significantly fewer accounts can be placed on each server.

It’s expensive, but worth it when you consider that encryption is considered the most effective method of securing personal and corporate information according to corporate and government security regulators. In fact, many data protection laws specifically list encryption as a “safe harbor” exception to notification rules, and some laws explicitly require the use of encryption.

3. High Level Filename Obfuscation

As an additional level of security all of the filenames stored on the server are completely unrecognizable. Instead of meaningful filenames they are listed as a totally random set of characters and numbers.

In the very unlikely event a hacker finds their way into our servers, they would find it impossible to make any sense of the files. And remember, they can’t read the content of the files because all files are encrypted.

4. Forced SSL Transfer

Hackers have many ways to intercept data that is transferred insecurely over the web. And now it’s even easier with the wider use of laptops and wireless routers.

The best way to protect your data is to transfer the data over Secure Sockets Layer (SSL). SSL encrypts the data so the data is absolutely useless to anyone who goes through the effort of capturing it.

You are always protected because the Client Portal automatically recognizes if a user is trying to transfer information insecurely. The Portal then forces the transfer to occur under encrypted SSL.

5. SQL Injection Protection

SQL Injection is a method hackers use to break into databases. Once in a database, a hacker can easily wreak havoc. Millions of websites are hacked with SQL injection every year. Even the United Nations website was recently hacked using SQL injection and cost hundreds of thousands of dollars to repair.

CPASiteSolutions’ Client Portal renders SQL Injection attacks completely useless because it utilizes the “Best Practice” of parameterized data calls.
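The difference between string-built SQL and the parameterized calls described above, as an added example (not CPASiteSolutions’ code; the table, column names and sample rows are constructed for illustration):

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO documents VALUES (?, ?)",
        [
            ("alice", "2019 return"),
            ("alice", "W-2"),
            ("bob", "payroll Q3"),
            ("o'brien", "1099"),  # legitimate value containing a quote
        ],
    )
    return db

def list_documents_concatenated(db, owner):
    # Weak form: the input becomes part of the SQL text, so quote characters
    # in `owner` can change the structure of the statement.
    sql = "SELECT title FROM documents WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def list_documents_parameterized(db, owner):
    # Parameterized form: the statement text is fixed and `owner` is bound
    # as a value, so it is only ever compared against the column.
    sql = "SELECT title FROM documents WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", list_documents_concatenated(db, crafted))
    print("parameterized:", list_documents_parameterized(db, crafted))
    print("o'brien:", list_documents_parameterized(db, "o'brien"))
```

The concatenated query also breaks on the legitimate owner name `o'brien`, which is a quick way to spot string-built SQL during testing.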

6. Brute Force Login Protection

Brute force attacks occur when a hacker writes a program that runs through millions of common username and password combinations to gain access to a secure system.

You are protected from Brute Force attacks because after 3 incorrect login attempts the Client Portal uses CAPTCHA technology which requires a human to read an image that appears. This stops computer programs from guessing correct user and password combinations.
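One way to implement the three-attempt CAPTCHA rule described above, as an added example (not the Client Portal’s code; `LoginGate`, its method names and the `verify_captcha` callable are hypothetical, and the CAPTCHA check itself is left to whatever service is plugged in):

```python
import hashlib
import hmac
import os

CAPTCHA_THRESHOLD = 3  # failed attempts before a CAPTCHA is required (from the text)

class LoginGate:
    def __init__(self, verify_captcha):
        self._verify_captcha = verify_captcha  # hypothetical callable: token -> bool
        self._users = {}     # username -> (salt, PBKDF2 hash)
        self._failures = {}  # username -> consecutive failed attempts

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def captcha_required(self, username):
        return self._failures.get(username, 0) >= CAPTCHA_THRESHOLD

    def login(self, username, password, captcha_token=None):
        """Return 'ok', 'denied' or 'captcha_required'."""
        if self.captcha_required(username):
            # Past the threshold the password is not evaluated at all
            # until a valid CAPTCHA answer accompanies the attempt.
            if captcha_token is None or not self._verify_captcha(captcha_token):
                return "captcha_required"
        # Unknown usernames go through the same hashing and counting, so the
        # response does not reveal whether an account exists.
        salt, expected = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), expected):
            self._failures.pop(username, None)  # success resets the counter
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        return "denied"
```

The counter here is per username and held in memory; a deployment would persist it with an expiry and also count failures per source address, since one client can spread guesses across many usernames.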

7. Strong Password Policies

Weak “easily cracked” passwords are unsafe. The client portal never allows weak passwords and allows firm administrators to require users to create passwords that meet certain levels of strength.

8. State-of-the-Art Firewall

CPASiteSolutions uses a state-of-the-art CheckPoint UTM-1 Edge Firewall that is configured with the least number of ports open and advanced IP restrictions.

9. Real Time Virus Scanner

The server is continually scanned for viruses and the virus database is updated every hour.

10. Encrypted "Cross Server" Backups

Another common hack is to attack and gain access to backups. Backup media often is held and transferred in “less secure” environments. Hackers know this and often find ways to gain access to backup data.

This is impossible with CPASiteSolutions’ Client Portal because the backup files are encrypted and stored in extremely secure facilities. Even if a hacker got their hands on our backups they would not be able to access any information because of the high level file encryption.

11. FireSlayer - Denial of Service Attack Protection

The servers are additionally protected from denial of service attacks. A denial of service attack is made when a virus infects thousands of computers on the Internet. Then all those infected computers make repeated requests to a single server. The targeted server often can’t handle the load and crashes. The FireSlayer system detects this kind of activity and automatically blocks the abusive traffic on-the-fly.

12. TippingPoint - Intrusion Prevention System

Hackers attempt to gain access to servers in many different ways. That’s why we use the award-winning TippingPoint Intrusion Prevention System. This system fully inspects every packet of data coming to the servers, then instantly determines whether it’s legitimate or malicious. This instantaneous form of protection is the most effective means of preventing attacks from ever reaching their targets.

13. Detailed Audit Trails and Reporting

All accounting firms must comply with the Gramm-Leach-Bliley Act and are specifically accountable for the safe and verifiable delivery of sensitive information. Firms must additionally make sure the intended recipient is the only recipient.

The Client Portal provides records of every transaction and allows you to…

  • Reduce the time and cost of complying with privacy regulations
  • Prove that information has not been leaked
  • Eliminate the customer service costs associated with disclosure of a data breach
  • Eliminate the legal liability associated with data breach disclosure

14. Operating System Hardening and Patch Management

There is a lot more to managing secure servers than you may realize. Server Operating Systems are not secure when they come out of the box. It takes highly skilled software technicians to hone and harden the System Software to minimize exposure to current and future threats.

Our servers are continually updated with the newest OS patches, hotfixes and updates to reduce the threat of security attacks and system downtime.

These advanced security measures are fully compliant with Sarbanes-Oxley and Gramm-Leach-Bliley.


© Perpetual CPA 2020