Published by Impress Computers | May 20, 2025
The Room Got Quiet When He Asked This One Question
“When was the last time you tested your backups?”
Silence.
That moment — at the TXCPA Houston Annual Conference on May 20, 2025 — set the tone for what turned out to be one of the most eye-opening sessions of the day. Roland Parker, Founder and CEO of Impress Computers and Amazon Best-Selling Author of Exposed & Secure: The True Cost of Cybersecurity Inaction, took the stage to deliver a no-holds-barred look at the cybersecurity threats facing CPA firms today — and exactly what to do about them.
Why CPA Firms Are in the Crosshairs
Roland opened with a reality check that landed hard: CPA firms are among the highest-value targets for cybercriminals. Why? Because they sit at the intersection of everything attackers want:
- 📂 Social Security numbers, tax records, and financial statements
- 🔑 Login credentials and system access for dozens — sometimes hundreds — of client businesses
- ⚖️ Regulatory obligations that make a breach catastrophic, not just embarrassing
- 🎯 Typically smaller IT and security budgets than the clients they serve
“You are not a small target,” Roland told the audience. “You are a high-value target with a small security budget. That is a dangerous combination.”
The Threats Are Real — and Closer Than You Think
Drawing on real-world breach cases (no names, but the details were uncomfortably familiar), Roland walked through the threat landscape hitting CPA firms hardest right now:
- Ransomware — One regional Texas CPA firm paid $180,000 in ransom, lost 40% of their client base, and spent six weeks in recovery mode.
- Business Email Compromise (BEC) — A solo practitioner in Florida had $92,000 redirected in a single wire fraud attack. No cyber insurance. The firm closed within a year.
- Microsoft 365 Credential Attacks — A mid-size Midwest accounting firm had 600 client records exposed after a credential stuffing attack on their M365 environment, triggering an FTC investigation and class-action lawsuit.
“None of these firms thought it would happen to them,” Roland said. “That’s exactly why it did.”
The Recommended Security Stack for CPA Firms
One of the most practical and well-received parts of the session was Roland’s breakdown of the complete security stack he recommends for CPA environments — both on-premise and in the cloud.
🖥️ On-Premise / Office Environment
| Layer | Solution |
|---|---|
| Firewall | Physical firewall for in-office networks; Virtual firewall for remote users |
| Zero Trust | ThreatLocker — Application allowlisting, Network Control, and USB Lockdown |
| MDR | RocketCyber — Managed Detection & Response with 24/7 monitoring |
| EDR + SOC | Endpoint Detection & Response backed by a live Security Operations Center |
| Next-Gen AV | AI-driven antivirus that catches zero-day and fileless malware |
| Backups | On-site + encrypted off-site backups with quarterly restore testing |
☁️ Cloud / Microsoft 365 Environment
| Layer | Solution |
|---|---|
| MFA | Duo — push, biometric, and hardware token options |
| AI Email Security | INKY Pro — scans for PII, BEC, and phishing with AI-powered user warnings |
| SaaS Alerts | Real-time alerts for logins from outside your normal environment |
| Cloud Backups | Spanning — full M365 backup: Exchange, SharePoint, OneDrive & Teams |
🔎 Vulnerability, Pen Testing & Compliance
| Tool | Purpose |
|---|---|
| VulScan | Continuous internal & external vulnerability scanning with prioritized remediation |
| Vonahi Pen Testing | Automated network penetration testing that simulates real attacker techniques |
| Compliance Reporting | Audit-ready reports mapped to IRS 4557 WISP, FTC Safeguards, NIST, and SOC 2 |
Compliance Is Not the Same as Security
One of the most quoted lines from the session:
“Being compliant does not mean you are secure. But being secure makes compliance a whole lot easier.”
Roland walked through the key regulatory obligations CPA firms in Texas must be aware of:
- IRS Rev. Proc. 4557 — Requires a Written Information Security Plan (WISP)
- FTC Safeguards Rule — Updated in 2023, covering tax preparers specifically
- TDPSA — The Texas Data Privacy & Security Act, effective July 2024
- AICPA SOC 2 — Increasingly required by enterprise and institutional clients
The 90-Day Action Plan
Roland closed the session with a challenge to every attendee: “Don’t leave here and do nothing.” He laid out a simple 90-day roadmap:
Days 1–30 — Foundation: Enable MFA everywhere, inventory every device and vendor, deploy Next-Gen AV and EDR, roll out a password manager.
Days 31–60 — Harden: Deploy Zero Trust (ThreatLocker), implement AI email security (INKY Pro), set up SaaS login monitoring alerts, run your first phishing simulation.
Days 61–90 — Validate: Run a vulnerability scan (VulScan), commission a pen test (Vonahi), review your WISP compliance posture, and test your backup and disaster recovery plan.
About Roland Parker
Roland Parker is the Founder and CEO of Impress Computers, a Managed Service Provider based in Katy, Texas, serving CPA firms and professional service businesses across the greater Houston area since 1993. He is the Amazon Best-Selling Author of:
- 📘 Mastering AI: How Business Leaders Can Harness the Power of Artificial Intelligence
- 📘 Exposed & Secure: The True Cost of Cybersecurity Inaction
In 2024, Roland was honored as an MSP Titan of the Industry — a national recognition awarded to top-performing MSPs for service excellence, business growth, and leadership.
Ready to Protect Your Firm?
If you attended the session and want to take the next step — or if you missed it and want a personalized walkthrough of what your firm’s security posture looks like today — Impress Computers offers a complimentary cybersecurity risk assessment for CPA firms in the Houston area.
📞 281-647-9977
🌐 impresscomputers.com
📧 info@impresscomputers.com
📍 21733 Provincial Blvd, Suite 110, Katy, TX 77450

Cybersecurity for CPAs: Key Takeaways from Roland Parker’s Session at TXCPA Houston
Impress Computers is a Katy, Texas-based Managed Service Provider specializing in cybersecurity, compliance, and IT infrastructure for CPA firms, construction, manufacturing, and professional services companies across the Houston metropolitan area.
