Roland Parker warns CPA firms on cyber risk at TXCPA Houston conference

By AI, Created 10:26 PM UTC, May 29, 2026, /AGP/ – Impress Computers CEO Roland Parker told accounting professionals at the TXCPA Houston Annual Conference that CPA firms are prime cybercrime targets and need layered defenses now. He also laid out a 90-day action plan covering MFA, zero trust controls, email security, backups, vulnerability scans and compliance checks.

Why it matters: - CPA firms hold sensitive financial records, tax data and client access that make them attractive targets for ransomware and business email compromise. - Parker said many accounting firms still have security budgets and defenses that do not match the risk they face. - A successful attack can trigger direct financial losses, client churn and reputational damage for firms that handle trusted financial information.

What happened: - Roland Parker, founder and CEO of Impress Computers and author of Exposed & Secure: The True Cost of Cybersecurity Inaction, spoke at the TXCPA Houston Annual Conference in Houston on May 29, 2026. - Parker delivered a session titled “Cybersecurity for CPAs: Protecting Your Firm, Your Clients, and Your Reputation” to a standing-room audience of CPA practitioners, firm partners and accounting professionals. - Parker used the session to warn that cybercriminals are increasingly targeting accounting firms and to outline a practical defense plan.

The details: - Parker cited a Texas-based regional CPA firm that paid $180,000 in ransomware demands and lost 40% of its client book. - Parker also cited a solo practitioner who closed his firm after a business email compromise attack redirected $92,000 in client funds. - For on-premise environments, Parker recommended physical and virtual firewalls based on work location, zero trust controls using Threatlocker, managed detection and response via Rocket Cyber, endpoint detection and response backed by a 24/7 security operations center, AI-powered antivirus and multi-layer backup storage. - For Microsoft 365 and cloud setups, Parker recommended multi-factor authentication via DUO, AI email security through INKY Pro, SaaS Alerts for unusual logins and cloud backup via Spanning for Exchange, SharePoint, OneDrive and Microsoft Teams. - Parker also highlighted Vulscan for continuous vulnerability scanning, Vonahi for automated penetration testing and compliance reporting mapped to IRS Rev. Proc. 4557, the FTC Safeguards Rule, the NIST Cybersecurity Framework, TDPSA and AICPA SOC 2. - Parker said compliance reporting is part of the framework, but not a substitute for security. - Parker pointed to the IRS written information security plan requirement, the updated FTC Safeguards Rule that took effect in 2023, the Texas Data Privacy and Security Act that took effect in July 2024 and increasing client demand for AICPA SOC 2 certification. - Impress Computers is based in Katy, Texas, and serves CPA firms, construction companies, manufacturers, law firms and other professional service businesses. - Parker was recognized as an MSP Titan of the Industry in 2024. - Parker is also an Amazon best-selling author of Mastering AI: How Business Leaders Can Harness the Power of Artificial Intelligence and Exposed & Secure: The True Cost of Cybersecurity Inaction.

Between the lines: - Parker’s message reflects a broader shift in accounting security from basic compliance toward continuous monitoring, layered controls and incident readiness. - The emphasis on phishing simulation, penetration testing and backup recovery suggests the biggest risk is not only prevention failure, but slow detection and weak response. - The standing-room turnout signals that cybersecurity has become a front-line business issue for CPA firms, not just an IT concern.

What’s next: - Parker urged firms to follow a 90-day cybersecurity action plan. - Days 1–30 focus on enabling MFA, inventorying devices and vendors, deploying next-gen antivirus and EDR, and starting password manager rollout. - Days 31–60 focus on zero trust deployment, AI email security, SaaS login monitoring and a first phishing simulation. - Days 61–90 focus on vulnerability scanning, network penetration testing, WISP review and a live backup and disaster recovery test. - Parker encouraged CPA firms and accounting professionals to request a complimentary cybersecurity risk assessment from Impress Computers. - More information is available on Impress Computers and its social channels, including LinkedIn, Facebook and YouTube.