AEAsk Erik
Computer Services
541-359-3111Book Assessment
← Industries

Financial Services

Managed IT for Financial Services

Secure IT for CPAs, financial advisors, and bookkeepers in Lane County.

The IT Reality for Financial Services

Financial services firms handle client data that attackers specifically target: tax records, account numbers, Social Security numbers, and investment information. A phishing attack on one staff member can expose every client you serve. Ask Erik provides financial services firms with the security controls needed to protect client data — MFA, encrypted communications, access controls, and the documentation that demonstrates due diligence to regulators and clients.

Common IT Challenges

  • Client financial data targeted by phishing and social engineering
  • Regulatory expectations for data security (IRS, state licensing boards)
  • Secure client file delivery and communication
  • Staff phishing susceptibility
  • Remote access for CPAs working from home or client sites

What We Do for Financial Services

Practical IT management focused on the systems and risks that matter most for your practice.

Client Data Access Controls

Role-based access so staff only see client data relevant to their work, with audit logging to document who accessed what.

MFA & Secure Remote Access

Multi-factor authentication for all users and Zero Trust remote access — protecting client data whether staff are in the office or working remotely.

Encrypted Client Communications

Secure file sharing with clients for tax returns, financial statements, and sensitive documents — without the risk of unencrypted email attachments.

Microsoft 365 with Compliance Features

M365 Business Premium configured with audit logging, Conditional Access, and information protection policies appropriate for financial data.

Encrypted Backup & Recovery

Daily encrypted backups of client records and financial data with tested recovery procedures — so a ransomware attack doesn't mean losing years of client files.

Staff Phishing Training

Simulated phishing campaigns and security awareness training — finance staff are among the most-targeted employees in any organization.

Frequently Asked Questions

What security standards should my firm meet?

The IRS requires tax preparers to maintain a Written Information Security Plan (WISP) under the FTC Safeguards Rule — this isn't optional guidance, it's an active requirement. Depending on how you're licensed, your state CPA board, FINRA (for broker-dealers), or the SEC and state securities regulators (for registered investment advisers) layer on additional requirements. Regardless of which applies to you, the baseline is the same: MFA everywhere, encrypted storage and communications, access controls, a documented incident response plan, and annual staff training — and that's exactly where I start, then I adjust for whatever your specific license adds on top.

How do we share financial documents securely with clients?

A client portal — either built into your practice management software or a properly configured SharePoint setup inside Microsoft 365 with access logging — is the right approach. It avoids unencrypted email attachments sitting in an inbox indefinitely, where a tax return or brokerage statement can sit forwarded and forgotten for years, and it gives you an audit trail of exactly what was shared and when, which matters if a client or regulator ever asks. I set this up once and train your staff to default to it instead of falling back to email out of habit during a busy season.

What should we do if a staff member clicks a phishing link?

Isolate the device immediately — disconnect it from Wi-Fi or unplug it — change the passwords on any accounts that were open in that session, and call your IT provider right away. Speed is everything here: the exposure grows every minute the account sits compromised, and business email compromise attacks targeting finance staff often move fast, sometimes attempting a fraudulent wire request the same day. Firms with an incident response plan written down before it happens act in minutes; firms without one spend the first hour just figuring out who's in charge of the decision.

Do you help with compliance documentation?

Yes. I help financial firms build the documentation regulators actually look for — security policies, risk assessments, access control records, incident response plans, and training logs — organized so you can hand it over during an exam or a client request instead of assembling it under deadline pressure from scattered emails and half-remembered decisions.

What makes Ask Erik different from other IT companies?

You work directly with me — the person who actually understands your compliance obligations, not a rotating technician starting from zero every visit. I've spent over 40 years in IT, running Ask Erik Computer Services since 2006 and serving Lane County firms since bringing the business to Eugene in 2017. I'm a Microsoft Partner, AI-certified, and a BNI Hall of Fame member here in Eugene. I document every security control and access change — the kind of record that matters when a regulator or a client asks what you have in place. I explain things in plain English, return calls, and plan ahead instead of reacting to fires. When something breaks, I tell you why and what we're changing, not just that it's "resolved."

Client data security is a competitive differentiator.

We help financial services firms in Lane County build the security posture that protects clients and satisfies regulators.

Book a Free Assessment 541-359-3111