Securing a Growing Accounting Firm After a Phishing Incident

The Challenge

The firm is a mid-sized accounting practice with 45 employees across two offices in Ontario. When a senior partner clicked a convincing phishing link, their Microsoft 365 credentials were compromised. The attackers accessed the partner’s mailbox for several hours before a colleague noticed unusual forwarding rules.

The firm had no multi-factor authentication, no endpoint detection, and no way to see what had been accessed. Their IT support was a local break-fix technician who visited once a week. The incident exposed a complete lack of security visibility — and with CPA Canada’s evolving cybersecurity expectations, the partners knew they couldn’t afford to ignore it.

Our Approach

We started with a security assessment that mapped every device, user account, and access point. Within the first week, we deployed CrowdStrike Falcon on all 52 endpoints and rolled out Okta for single sign-on with mandatory multi-factor authentication.

Next, we configured Sophos firewalls at both offices with unified threat management and set up 24/7 SOC monitoring. We ran a baseline phishing simulation — only 31% of staff identified the test email correctly. We then delivered targeted security awareness training in small group sessions, not a generic video module.

The entire deployment was completed in 18 business days with no disruption to billable work.

The Outcome

Six months after deployment, the firm has had zero successful phishing attempts. The phishing simulation pass rate climbed from 31% to 94%. Every device is now monitored with automated threat response, and the partners receive a monthly security report they actually read. The total monthly cost is less than what they previously paid for a single break-fix visit.