Millions of people participate in Dry January every year.
They cut out something they already know isn’t helping them—because they want clarity, better performance, and fewer regrets later. They stop pretending “I’ll deal with it after busy season” is a strategy.
Your accounting or tax firm has its own version of Dry January.
It just shows up as technology habits that quietly increase cyber liability instead of cocktails.
I work with accounting and tax firms across Metro Detroit and Southfield every day. These habits are common, understandable, and deeply ingrained. Everyone knows they’re risky or inefficient. Everyone keeps doing them because deadlines are tight and nothing bad has happened yet.
Until it does.
Here are six tech habits accounting firms should quit cold turkey this month—and what to do instead—so cyber liability doesn’t grow unnoticed during your busiest season.
Habit #1: Clicking “Remind Me Later” on Software Updates
That little button creates more cyber liability than most firms realize.
I understand why it happens. Restarting a workstation in the middle of return prep or e-filing feels impossible. But updates aren’t cosmetic—they’re often closing security gaps that attackers are actively exploiting.
“Later” turns into weeks. Weeks turn into months. And now your firm is operating with known vulnerabilities—exactly the kind cyber insurers, auditors, and regulators assume are already patched.
Large ransomware incidents didn’t happen because firms were reckless. They happened because patches were available—and postponed.
Quit it:
Schedule updates to run after hours or let your IT partner manage them silently in the background. No surprise interruptions. No lost productivity. And no unnecessary cyber liability exposure.
Habit #2: Reusing the Same Password Across Firm Systems
Almost every accounting firm has one.
A password that meets requirements, feels strong, and gets reused across email, cloud storage, tax software, banking portals, and vendor platforms.
Here’s the reality: data breaches happen constantly—often at small, obscure services. When that happens, email-and-password combinations are sold and reused automatically.
Attackers don’t guess passwords anymore. They reuse them.
That means one compromised login can expose client data, internal systems, and financial platforms—creating real business, legal, and regulatory liability overnight.
Quit it:
Deploy a password manager across the firm. One master password. Unique, complex credentials everywhere else. This is one of the fastest, most cost-effective ways to reduce cyber liability—and something insurers now expect to see.
Habit #3: Sharing Passwords via Email, Text, or Slack
This is incredibly common in small and mid-sized firms:
“Can you send me the login?”
“Sure—just sent it.”
That message now lives forever—in inboxes, backups, and cloud archives. If any one account is compromised later, attackers can search message history and harvest credentials instantly.
This is how small access issues become firm-wide incidents.
Quit it:
Use password managers with secure sharing features. Access can be granted without revealing the actual password and revoked instantly. If credentials must be shared manually, change them immediately after. Permanent access should never live in permanent messages.
Habit #4: Giving Everyone Admin Access Because “It’s Faster”
This usually starts during a busy moment.
Someone needs to install software or change a setting. Instead of slowing things down, admin rights are granted—and never revisited.
Admin access means full control. If that account is phished, attackers gain the same power.
From a cyber liability perspective, this dramatically increases both impact and recovery time during an incident.
Quit it:
Adopt least privilege access. Each team member gets exactly what they need—nothing more. It takes a bit of setup, but it sharply limits risk and is a key expectation under IRS 4557 and FTC Safeguards-aligned security programs.
Habit #5: “Temporary” Workarounds That Became Permanent
Something broke. A workaround was created. Everyone agreed it was temporary.
That was years ago.
Now the workaround is the process.
These shortcuts quietly drain productivity and create fragile systems that only work as long as nothing changes—and something always changes. They also increase operational risk because they rely on memory instead of documentation.
Quit it:
Start by listing the workarounds your firm relies on. Visibility alone is powerful. Once documented, those processes can be stabilized and replaced with solutions that reduce frustration—and cyber liability—across the firm.
Habit #6: The Spreadsheet That Runs Critical Firm Operations
Every firm has one.
A spreadsheet with multiple tabs, complex formulas, and just enough tribal knowledge to keep it alive. If it corrupts—or the person who understands it leaves—operations stall.
That’s a single point of failure.
Spreadsheets lack strong audit trails, access controls, and reliable backup testing. When they support billing, scheduling, client tracking, or compliance workflows, they quietly increase risk.
Quit it:
Document what the spreadsheet actually supports, then migrate those processes into systems built for them. Proper platforms offer permissions, backups, and accountability—reducing both operational friction and cyber liability exposure.
Why These Habits Are So Hard to Break in Accounting Firms
You already knew most of these were risky.
The problem isn’t knowledge—it’s capacity.
These habits persist because:
- Consequences stay invisible until they’re catastrophic
- The “right way” feels slower during busy season
- Everyone else in the industry does the same things
That’s why Dry January works. It interrupts autopilot and forces awareness—before the cost becomes real.
How Accounting Firms Actually Break These Habits
Willpower doesn’t fix systems.
Environment does.
Firms that successfully reduce cyber liability don’t rely on discipline—they change defaults:
- Updates are automated
- Password managers eliminate insecure sharing
- Access is centrally managed
- Workarounds are replaced with documented workflows
- Critical systems are backed up and tested regularly
The right behavior becomes the easiest behavior.
That’s what a strong IT partner does—especially one that understands accounting firms, busy season pressure, and Detroit-area business realities.
Ready to Reduce Cyber Liability Before Busy Season Peaks?
Start with a Discovery Call.
In just 15 minutes, we’ll review where cyber liability is hiding, what matters most for your firm right now, and what to prioritize next—without jargon or scare tactics.
You’ll leave with clarity, not another checklist.
👉 Schedule your Discovery Call today.
Because some habits are worth quitting cold turkey—and January is the right time to protect your firm, your clients, and your reputation.
Are You at Risk?
Most accounting and tax firms don’t realize they’re carrying unnecessary cyber liability until something brings it into focus — a client security questionnaire, a cyber insurance renewal, or a close call during busy season.
If you lead a firm that handles financial data, tax records, and personally identifiable information, the real question isn’t whether cyber risk exists — it’s whether you can see it clearly and prove it’s under control.
Consider these common situations:
- You assume your backups work, but haven’t personally verified a successful restore
- You’re unsure how quickly suspicious activity would be detected or contained
- Client or insurer questions about security feel harder to answer each year
- Controls exist, but documentation and proof are inconsistent
- Cybersecurity lives “somewhere with IT,” not clearly at the leadership level
If any of this sounds familiar, your firm may be exposed to hidden cyber liability — business, legal, operational, and reputational risk that doesn’t appear on a balance sheet until it matters.
A Clearer Way to Understand Your Risk
That’s why we offer a complimentary Cyber Risk Assessment designed specifically for accounting and tax firms.
This assessment helps you:
- Understand your firm’s current cyber liability exposure
- Identify gaps that could impact client trust, insurance coverage, or continuity
- Separate real risk from background noise
- Prioritize practical next steps — without disruption or technical overwhelm
No scare tactics. No jargon. Just clarity.
👉 Start with the Cyber Risk Assessment
https://mtsconsultinggroup.net/riskassessment
Because the goal isn’t perfection —
it’s confidence, proof, and control.
