• Events & Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
  • Events & Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
HBS logo
HBS Logo
  • Infrastructure

    • CLOUD

      • Cloud Solutions
      • Public Cloud
      • Hybrid Cloud
      • Infrastructure as a Service
      • Cloud Security Solutions
      • Backup, Replication and Disaster Recovery
      • HBS Cloud Hosting Services

      DATA CENTER

      • Data Center Solutions
      • Traditional Data Center
      • Hyperconverged
      • Colocation
      • Directory Services
      • Cloud Email and Calendar Solutions

      NETWORK AND ACCESS

      • Network Infrastructure
      • Enterprise Mobility
      • Wireless Solutions
      • SD-WAN
      • Structured Cabling
      • Staff Augmentation
  • Managed Services

    • MANAGED ONE

      • Managed One Overview
      • Managed Backup and Disaster Recovery
      • Managed Firewall
      • Managed SaaS Security

       

      • Managed HaaS and SaaS
      • Managed IT Help Desk
      • Managed Network and Server Monitoring
      • Managed Email and Collaboration Security

      HBS + PARTNER SOLUTIONS

      • HBS Secure with Verkada
      • HBS Collaborate with Webex
      • Managed XDR
      HBS Managed One Megamenu Graphic
  • Modern Workplace

    • MICROSOFT

      • Microsoft Licensing Management
      • Microsoft Modern Workplace

       

      • Dynamics 365 Business Central
      • Dynamics 365
      • Dynamics GP

      COLLABORATION

      • Audio Visual
      • Unified Communication Solutions
      • HBS Collaborate with Webex
  • Professional Services

    • ADVISORY

      • Virtual CISO
      • Virtual CIO
      • Project Management
      • IT Business Consulting

      ENGINEERING SERVICES

      • Staff Augmentation

      AI & ANALYTICS

      • Artificial Intelligence
      • AI Advance
      • AI Predict
      • AI Assist
      • Data Management and Analytics

      APPLICATION INNOVATION

      • Website Development
      • Application Development

      DOCUMENT MANAGEMENT

      • Document Management Services
      • Document and Check Scanners
  • Security

    • CYBERSECURITY

      • Managed XDR
      • Penetration Testing
      • Vulnerability Scanning
      • Email Security Services
      • Digital Forensics and Incident Response
      • Backup, Replication and Disaster Recovery
      • Firewalls
      • Cloud Security Solutions

       

      • Virtual CISO
      • Virtual Security Team
      • Virtual Security Engineer
      • Cybersecurity Risk Assessment
      • Governance and Compliance
      • SOC 2
      • CMMC
      • Managed Security Awareness Training

      PHYSICAL SECURITY

      • Security Solutions
      • HBS Secure with Verkada
      Cybersecurity Risk Assessment Megamenu Graphic
  • Search
Contact Us
Case Studies

Accounting Firm Leads the Way with Data Security

Like all CPA firms, MHCS handles highly sensitive personal and business information. When their system administrator began to envision what a cyberattack could do to their company, he called HBS for a risk assessment. 

Corporate Table Discussion
MHCS Logo

Company: MHCS
Industry: Accounting
Employees: 78
Established: 1946
HBS Service: Penetration Testing, Security Training, Incident Response Planning

More Than Numbers

McGowen Hurst Clark Smith (MHCS) is one of the oldest and largest local CPA firms in Central Iowa, providing clients with deep experience and resources in tax and accounting, auditing, and business advisory and consulting services.

Like all CPA firms, MHCS is entrusted with highly sensitive business and personal information. Clients share confidential business insight (such as merger and acquisition data), company financials (including revenue and payroll), and employee records containing personally identifiable information (PII).

While attending a cybersecurity presentation, Mike Tullis, System Administrator at MHCS, began thinking about all the client information they manage and how securing it is a major responsibility.

During that moment, Tullis decided it was time for MHCS to test their network for vulnerabilities that could leave them open to attack. Before moving forward, he needed to present the idea to the MHCS leadership team.

“At first, I thought, who would ever want to attack a CPA firm in Iowa? But after Mike [Tullis] explained our risk, I began to understand what a cyberattack could do to a company and wanted to make sure we and our clients were protected,” said Mike Brinker, CPA and Shareholder at MHCS.

Getting Started with Cybersecurity

MHCS began their security program the way many information security life cycles begin—with a realization of responsibility. They identified the need and decided it was time to gain visibility into the organization’s security risks.

To initiate their information security program, MHCS established a relationship with HBS.

This is what our clients are saying

We met with HBS and it felt right, a company with national coverage and expertise, that still felt personable and in our backyard.
Mike Brinker
Mike Brinker
CPA and Shareholder - MHCS
MHCS worked on their first project with HBS in 2017 which was identifying vulnerabilities in their external and internal infrastructure by performing a penetration test. “Overall, we were happy with the pen test results. While we thought there would be an increased amount of external threats, we were actually in really good shape,” said Tullis. What MHCS did identify, however, was room for improvement with their internal infrastructure. Many companies think about breaches happening from the outside in but forget to check their internal network. To help fortify their network, MHCS elected to implement Multi-Factor Authentication (MFA), which enables them to verify users entering their system through multiple forms of authentication. Examples include passcodes, passwords, and biometrics. Identity and Access Management (IAM) was also identified as an area of improvement for MHCS. IAM enables organizations to reduce risk by restricting user access to only the items they truly need. This improvement is in MHCS’s plans for future implementation.

Understanding the Bigger Picture

Upon identifying the necessary internal updates, the MHCS team recognized the need to move forward with a wholistic information security approach. The next step in internal improvement was to get employee buy-in. They wanted employees to be on board with upcoming security implementations and to understand the big picture of cybersecurity and the role each employee plays. The team elected to introduce in-person cybersecurity education and training. Bringing in an experienced security consultant provided the MHCS team the opportunity to hear real life examples and recommendations from someone working daily in information security. The MHCS team was not only trained by one of HBS’s information security consultants, they were put to the test with customized email phishing campaigns and pretexting phone calls. Security testing helps employees see firsthand how attackers attempt to deceive victims. Hackers are looking for any weakness in an organization, and often, the weakness is an employee. Testing helps prepare employees for real-life attacks and elevates cybersecurity to top-of-mind. For MHCS, this is especially important during busy times (tax season) when they communicate with clients using multiple platforms. As a result, MHCS runs regularly scheduled security testing campaigns to keep it a priority.

Planning for the Best, Prepared for the Worst

Even with all the security awareness and training, it is still important to be prepared for a security incident. Through building a relationship with MHCS, HBS helped identify the need to develop an Incident Response Plan, to help guide their organization through security incidents in times of high stress. When an incident occurs, the last thing you want is to scramble for answers. As with any good plan, an Incident Response Plan evolves overtime. To initiate this process, HBS works closely with clients to explore the most important areas of their business. It starts with asking the right questions. HBS helped MHCS think about the impact an incident could have on their organization and how to react to it. MHCS continues to review and update their plan regularly to ensure all risks are considered and addressed as their company continues to change and grow. “My biggest concern is getting the call at 2 or 3 in the morning saying our system has been breached,” said Tullis. While this is still a concern within MHCS, they now have an action plan to address issues and know their team is ready to act when called.

Information security programs vary from company to company. MHCS understands its capacity and is taking a methodical approach to strengthening its security program over time.

To avoid being overwhelmed with insurmountable security goals, MHCS is working with HBS to execute one task at a time. As their business continues to grow, their security program continues to mature. With every new security layer, MHCS provides better protection for its business, employees, and clients.

Interested in HBS Services?

Request a complimentary quote today.

Connect:

[email protected]  |  800.236.7914

HBS logo

HQ | 1700 Stephen Street
Little Chute, WI 54140
Locations

HBS Remote Support | Service & Technical Support | E-Bill Portal
Terms & Conditions | Cookie Policy | Privacy Policy | Onboarding Form | End User Agreements | E-Bill FAQ | Site Map
©2025 Heartland Business Systems. All rights reserved.

Halo from HBS
This chat may be recorded as described in our Privacy Policy.