In an episode of The Successful Bookkeeper Podcast, ethical hacker and cybersecurity expert Ted Harrington breaks down what bookkeepers must do to protect their clients' sensitive data in an increasingly digital—and increasingly vulnerable—world.
Whether you’re a solo bookkeeper or running a growing practice, the security of your systems is part of the value you deliver. Data breaches don’t just affect large companies—they hit small businesses too, often with devastating consequences.
Here are the two core strategies from the interview that every bookkeeping business should understand and implement:
🔐 1. Think Like a Hacker: Identify and Eliminate Weak Points
One of the biggest mistakes small business owners make is assuming they’re too small to be a target. But according to Harrington, attackers don’t discriminate—they look for vulnerabilities, not company size.
Bookkeepers handle:
- Financial statements
- Login credentials
- Tax information
- Personally identifiable information (PII)
These are valuable assets to hackers, which means you are a target.
What to do:
- Audit your systems: Where are passwords stored? How is client data shared? What tools have access to sensitive files?
- Look for easy targets: Unsecured cloud storage, weak passwords, and outdated software are common entry points.
- Simulate attacks internally: Ask, “If I were trying to hack my own business, where would I start?”
The goal is to proactively find weaknesses before someone else does.
🔑 2. Security Is a Process—Not a One-Time Task
Security isn’t a checkbox you tick once. It’s a continuous, evolving process. Ted emphasizes that a secure system today can be insecure tomorrow if it’s not maintained and monitored.
Too often, businesses buy a tool or install antivirus software and assume that’s enough. But without a strategy for ongoing protection, those tools quickly become outdated.
What to do:
- Establish a security routine: Regularly update software, audit user access, and rotate passwords.
- Train your team (or yourself): Human error is the most common cause of breaches. Make sure everyone knows how to recognize phishing, use secure login methods, and avoid risky behavior.
- Use multi-factor authentication (MFA) everywhere possible—email, cloud software, banking apps.
- Backup critical data regularly and securely—ideally offsite and encrypted.
Think of security like bookkeeping itself: it works best when it’s consistent, documented, and regularly reviewed.
Other Key Takeaways
- Don’t chase perfection—start with progress. Small improvements (like stronger passwords or turning on MFA) make a big difference.
- Outsource where needed. If you’re not a tech expert, hire someone who can help you implement secure systems.
- Security is part of your service quality. Clients trust you with their most sensitive data—protecting it is a professional responsibility.
Security Checklist for Bookkeepers
✅ Conduct a data and software audit
✅ Turn on multi-factor authentication for all apps
✅ Use a password manager—never reuse passwords
✅ Train your team on cybersecurity basics
✅ Set a schedule for regular updates and reviews
✅ Back up all important data securely and offsite
✅ Don’t ignore “small” risks—hackers don’t
Cybersecurity may feel overwhelming, but it’s part of running a professional practice—just like reconciling accounts or lodging business activity statements. As Ted Harrington explains in Episode 258, protecting your data isn’t optional; it’s essential.
You don’t have to be a tech expert—but you do need a plan.
For more great content, check out The Successful Bookkeeper Podcast!
