Have A Question? Call Us At (830) 265-4200
The Most Cost-Effective Training Program For Keeping Your CPA Firm Secure

Attention: CPA Firm Owners and Partners

Are You Concerned About Your Firm Getting Hit With Ransomware Or Worse, Having Client Information Stolen?

Take A Look At The ONLY Program Designed Specifically For The Needs Of Small CPA Firms To Reduce The Risk Of A Breach By
Up To 90%

Free Phishing Security Test

Find Out Whether Your Firm Is Vulnerable To The Most Common Way Client Information Is Stolen In Under 30 Minutes

Michael E. Tompkins
Author & President
CPA Technology Group

Dear Fellow CPA,

If you’re like most CPA owners I work with, most of your revenue comes from tax prep. You know that those clients expect that you are doing everything you can to keep their personal information from falling into the wrong hands.

Your clients don’t really care whether you’re a 3-person, or 300-person firm. They expect that you’re keeping them safe.

“Well, it’s okay you leaked some of my most personal details to hackers in China, you only have 5 employees. Who knew you’d be a target!” – something you’ll never hear a client say.

And what will those clients do if you disclose their information? Leave. Studies show that when a business experiences a breach, 60% of your clients will think about leaving, and 30% actually do.

The problem is, you don’t have the funds a 300-person firm has to spend on security. You have to protect your clients’ personal information in an economical way that isn’t going to weaken your bottom line.

Introducing our Security Awareness Program for CPAs, the only course designed specifically for the needs of small CPA firms to drastically reduce the chance of your firm getting hacked.

Including our proven, step-by-step formula that takes your staff from not even thinking about security to becoming a “Human Firewall” of which nothing suspicious will pass.

“But, how will training our staff keep us from getting hacked?”

More than 9 out of 10 successful cyber attacks are due to employee error.

Let me repeat that.

More than 9 out of 10 successful cyber attacks are due to employee error.

How can that be? The story below illustrates this well.

At a CPA firm in Texas, it was the middle of tax season (February) and everything was business as usual.

Staff were prepping returns, emailing with clients and saving the tax documents they were being sent.

However, one of these emails wasn’t quite what it seemed.

It appeared to be a run-of-the-mill email containing a tax document from a client. Except it wasn’t. Upon opening it, the computer of the employee who opened it was locked up, prompting to pay a ransom.

By then, the ransomware had jumped to their server and encrypted all of the client files there, too. No one could work and the office ground to a halt.

Here’s the thing…

They had a firewall.

They had antivirus.

They had an IT guy.

None of this stopped that from happening.

It took them a full 3 days to recover from a backup and get up and running again. For a 15-person firm, losing 3 days of productivity during tax season is costly, to say the least.

But really though, they lucked out that they only had downtime. These firms were not so fortunate:

And that’s just a few of the dozens upon dozens of CPA and tax prep firms this is happening to.

When the average cost per record (i.e. SSN) of a data breach is $221, the cost of lax security adds up fast.

Not only do you have to disclose it to your state regulatory agency, the law requires you to send a letter to ALL your clients that looks something like this:

Why has this gotten so bad? Cybercriminals have figured out 2 things in recent years:

  1. It’s much easier and quicker for them to get into a network by deceiving an employee than it is to do some type of technical exploit.
  2. Even a small CPA firm can contain extremely valuable information on hundreds or thousands of individuals.

Those two things combined have led to an onslaught of CPA firms being attacked.

In fact, even IRS Commissioner John Koskinen has weighed in, saying We’ve been warning tax professionals that they are increasingly the targets of national and international cybercriminal rings.”

“We urge the tax professional community: Beware your inbox. Don’t take the bait from these phishing scams.”

The good news is that what happened at this firm in the above story is 100% preventable. How?

Training staff so they don’t get deceived into clicking on links or opening attachments they shouldn’t.

And that’s exactly what our Security Awareness Program does. It trains your staff so they know better. No longer will they be vulnerable to some low-life hacker who wants nothing more than to wreak havoc on your business for his own financial gain.

How Does This Program Actually Train Employees?

Glad you asked!

Typical employee training programs involve annually watching a bland video or PowerPoint presentation on the 25 things employees need to to stay safe.

As soon as it’s over, the employees wake up and go about their day, not retaining any information, let alone changing their actual behavior.

We decided that if we’re actually going to get people to behave differently, they need continuous reinforcement.

First, we run employees through our hour-long, interactive Kevin Mitnick Security Awareness Training (1 hour of CPE credit included). If you haven’t heard of him, Kevin Mitnick was a former hacker himself, managing to end up on the FBI’s Most Wanted List.

Now, he trains people on the very techniques he used to use. In this self-paced training, he actually shows what can happen when an employee clicks or opens something they shouldn’t. It also covers the role employees play in security and the red flags they need to be on the lookout for.

But we don’t just stop there.

We begin sending at least twice-monthly Phishing Security Tests (PSTs) to all staff.

What the heck is a Phishing Security Test? It’s an email designed to look like a real phishing email.

We use various templates based on current events and real world, CPA-specific phishing emails we’ve received to put these tests together.

If an employee clicks on it, they receive a window that’ll tell them, “Oops, you clicked on a phishing email!” with the specific red flags they should’ve looked for.

We track who clicks on them and send you a monthly report detailing that.

This keeps your staff “on their toes” when reviewing their inbox and browsing the web.

On top of that, we send out a monthly Security Tip on topics ranging from physical security to accessing the internet when out in public.

We also provide a “Phish Alert” button that can be installed in Outlook. This button gives staff an easy way to report phishing emails.

We then analyze those and use the content in future tests we send out.

These elements combined turn head knowledge into actual behavior change.

How do we know this?

Well, to date, none of our clients have experienced malware, ransomware, or a data breach due to employee errors.

In fact, we're so confident in our program, we offer TWO guarantees.

Ransomware Payment Guarantee

If your firm gets hit by ransomware after going through our training, we’ll pay the ransom on your behalf, up to $1,000. We have a Bitcoin account setup and ready to go just for this purpose.

How can we do that? We know this works and “put our money where our mouth is.” Properly trained staff reduce the risk of this happening to virtually zero.

Unbeatable Money-Back Guarantee: 60-Days, 100% Risk-Free

Try our firm security training program.

If you don’t LOVE it and feel that your firm is much safer than before, I insist that you get 100% of your money back with no hassle whatsoever.

I’ll even eat the credit-card processing fees.

Here's what a few people have said about our program...


“I felt validated taking the training and learning to recognize these attacks when the owner of a CPA firm in our complex came by to warn us their whole office had been hit with ransomware and their computers were locked up.”


“After going through the training, we were surprised at how much we learned. My staff now realize how important it is for them to take security seriously and to be vigilant on the web and in their inbox. They now report phishing emails promptly using the Outlook button! I highly recommend all CPA firms go through this training!”


“In today’s cyber world, it is critical that we stay on top of everything that is happening with respect to securing information. Keeping our client’s information secure is of the utmost importance to us, and that requires keeping our staff up to date with the latest training. Without a doubt, the client’s expectation is that their information is secure – it’s up to us to keep it that way.”

Have A Question That Was Not Answered Here?

Call us at (830) 265-4200

// -->