Data Security

Last updated: August 9, 2022

Your data is protected by Andrew Griffith CPA using, but not limited to, the following methods:

  1. Multifactor authentication (MFA): We always use MFA to access all electronic data associated with our firm and its clients. Our use of MFA involves two or more steps required to authenticate user access to the data. MFA includes, but is not limited to, the use of a combination of pins, strong passwords, biometric identifiers, tokens, and security keys.

  2. Least amount of access: We limit data access to only those who have a legitimate need to access data to perform their work. Those without a legitimate need to access data do not have access to such data.

  3. Data loss prevention (DLP): We utilize encrypted backup systems at both the firm and vendor levels to protect against the loss of data and situations that would restrict the firm’s ability to operate. Such systems are not limited to online components and the availability of hot sites.

  4. Network access restrictions: We utilize a no-log, virtual private network (VPN) whenever we conduct business digitally. Our digital data is transmitted in encrypted environments equal to or better than AES-256 (Advanced Encryption Standard with 256-bit keys). We utilize firewall systems on each device. These ensure that only authorized personnel have access to client data.

  5. Encryption: We store all data in an encrypted format equal to or better than AES-256. Some data is encrypted multiple times. Whenever possible, data is stored in a zero-knowledge encrypted electronic environment.

  6. System Updates: We monitor our systems daily and install all security updates when these become available.

  7. Anti-Virus Protection: We regularly scan our data and programs for viruses to protect our systems from data compromising situations.

  8. Secure Communications: We utilize our secure portal for client communications to ensure that we are communicating with our clients and that our communication remains confidential.

If you have any questions or concerns about our methods to protect your data, please contact us in writing via the client portal, email, or the Contact page.