CPA Site Solutions Security Measures

"CPA Site Solutions has the most secure client portal available on the market."


Protecting your data and client data is critical. While most client portal vendors provide five or six layers of security, CPA Site Solutions protects you with 11 full layers of security to keep you and your clients at ease.

1. Certified Regulation-Compliant Datacenter

Not all datacenters are created equal. The best datacenters are both SSAE 16 and SAS 70 Type II certified, which means a specially trained CPA Firm performed an in-depth audit and verified that the datacenter has sufficient processes, controls, and safeguards to keep data safe from theft, corruption or mishandling.

Unlike the Type I Certification, which only measures a certain point in time, the Type II Certification measures and evaluates security over time.

The Sarbanes-Oxley Act requires all publicly traded companies to use SSAE 16/SAS 70 Type II Certified datacenters. With CPA Site Solutions, you get the confidence of knowing that you're protecting your firm at the same level of security as publicly traded companies, as all CPA Site Solutions servers are located in high-quality SSAE 16/SAS 70 Type II Certified Datacenters.

Our servers are housed in a secure guarded facility with closed-circuit, motion-sensitive video surveillance, 24/7. Physical access to these servers is strictly limited to authorized datacenter personnel only, and all personnel are further restricted by Dual Factor Biometric Authentication Barriers. Translation? Your data is kept safe with CPA Site Solutions.

2. Encrypted File Storage

While most client portal providers encrypt data as it's transferred to the server, a lot of them fail to encrypt the data when it's on the server. Since the data spends the majority of time on the server, we feel it's necessary to store the data in an encrypted format.

Storing data in an encrypted format requires a lot of programming from high-level security experts as this process places a heavy load on the server's processors. As a result, significantly fewer accounts can be placed on each server.

While storing data in an encrypted format is expensive, it's definitely worth the time and money. According to corporate and government security regulators, encryption is considered the most effective method of securing personal and corporate information. Furthermore, many data protection laws specifically list encryption as a "safe harbor" exception to notification rules, and some laws explicitly require the use of encryption.

3. High Level Filename Obfuscation

To further boost your security, all filenames stored on our servers are completely unrecognizable. What does this mean? Instead of meaningful filenames, what appears is a completely random set of characters and numbers.

Therefore, in the unlikely event of a hack, it would be impossible for the hacker to make any sense of the files. And remember, a hacker cannot read the content of the files because they are encrypted. A win for you and a total loss for the hacker.

4. Forced SSL Transfer

Hackers have many ways to intercept data that is insecurely transferred over the web, and it's becoming even easier to do so with the ever-growing use of laptops and wireless routers.

The best way to protect your data is to transfer it over a Secure Socket Layer (SSL). SSL encrypts the data so it becomes useless to anyone who goes through the effort of capturing it.

The CPA Site Solutions client portal keeps you constantly protected: it automatically recognizes when a user is trying to transfer information in a non-secure fashion and forces the transfer to occur over an encrypted Secure Socket Layer.

5. SQL Injection Protection

SQL injection is a common method that hackers use to break into databases. Millions of websites are hacked with SQL injection each year. To protect against SQL injections, the CPA Site Solutions client portal uses parameterized data calls that prevent any changes to query intent, even if SQL commands are inserted by an attacker.

6. Brute Force Login Protection

Brute force attacks occur when a hacker writes a program that runs through millions of common username and password combinations to gain access to a secure system.

With CPA Site Solutions, you are protected from Brute Force attacks with the CAPTCHA feature. After three incorrect login attempts, the CPA Site Solutions client portal will require a human to read an image that appears. CAPTCHA is a security feature that helps distinguish human from machine behavior and stops computer programs from guessing user and password combinations.

7. Strong Password Policies

While unsafe for obvious reasons, weak passwords are still a very common mistake that puts personal data and online security at risk. The CPA Site Solutions client portal has rules in place that require passwords to meet stringent levels of criteria.

8. State-of-the-Art Firewall

CPA Site Solutions uses a state-of-the-art CheckPoint UTM-1 Edge Firewall that is configured with the least number of ports open and advanced IP restrictions.

9. Encrypted "Cross Server" Backups

Backup media is often held and transferred in "less secure" environments, and therefore provides an "in" for hackers.

However, CPA Site Solutions stores your backup files in encrypted and secure facilities. This means that even if a hacker gained access to our backups, it would be impossible to retrieve any information due to the high level of file encryption.

10. Detailed Audit Trails and Reporting

All accounting firms must comply with the Gramm-Leach-Bliley Act and are accountable for the safe and verifiable delivery of sensitive information. Firms must additionally make sure the intended recipient is the only recipient.

The CPA Site Solutions Secure Firm Portal provides records of every transaction and allows you to:

  • Reduce the time and cost of complying with privacy regulations
  • Prove that information has not been leaked
  • Eliminate customer service costs associated with disclosure of a data breach
  • Eliminate the legal liability associated with data breach disclosure

11. Operating System Hardening and Patch Management

Server operating systems are not secure when they come out of the box. It takes highly skilled software technicians to hone and harden the system software to minimize exposure to current and future threats.

CPA Site Solutions servers are continually updated with the newest OS patches, hotfixes and updates to reduce the threat of security attacks and system downtime. These advanced security measures are fully compliant with Sarbanes-Oxley and Gramm-Leach-Bliley.