Despite security enhancements from Microsoft, CPA firms are likely to disable the controversial Recall feature in Windows 11, which
Last September,

Cory Wolf, director of offensive security with cybersecurity consulting firm risk3sixty, said these changes have allayed many of the concerns raised about Recall between its first launch and now. He noted that the initial release was indeed a major security problem: Microsoft rushed it out without going through the usual Windows Insider preview process and so never accounted for the security issues, but it has improved the feature considerably since then.
"That was why everyone was freaking out; it was clear they did not do any security around it, did not go through previews, and at the time it was a real security risk. Now it is going through the proper channels of Windows preview, they added content filtering, they added the virtual machine component … at least from a cybersecurity perspective, it's really worked out and they've improved it quite a bit," he said.
Despite these changes, however, some firms are still opting to disable Recall on their devices, among them California-based Navolio & Tallman LLP. Though the firm intends to acquire laptops built specifically for AI workloads soon, IT partner Stephanie Ringrose said that, for now at least, it is going to disable the feature.
"We started with the hardware that has the new processor, so that as technology comes out that has more AI in it, we're set up for success. … So we're open to new technology. Another part is we like to be on the leading edge, but we're not necessarily on the bleeding edge, so initially [Recall] does not seem like something we need right away, so our plan currently is to disable it," she said in an interview.
Top 50 firm LBMC will also be disabling Recall, according to chief digital and technology officer David Maynard. He raised concerns about the security implications, such as the inadvertent storing of sensitive data via screenshot captures, the use of LLM-powered indexing opening up the possibility for prompt injection attacks, insider threat risks of administrative access being misused, as well as compliance and legal exposure under data protection laws.
"With specific regard to Microsoft's Windows 11 Recall feature, we are closely monitoring its development and capabilities as we do all other tools. Microsoft is a trusted partner and delivers some of the most powerful enterprise tools. That said, all evolving technology tools present unique challenges that merit thorough scrutiny, especially for professional services firms handling high volumes of confidential and regulated data. … We are currently disabling Recall by policy across all internal devices, even though it remains in preview. Our experts are also considering the broader implications of using LLMs in enterprise settings and continuing to test the Recall functionality in non-production environments to inform both internal and client-facing recommendations," he said in an email.
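Firms that take LBMC's route of turning Recall off by policy are setting a small number of Windows policy values on each managed device. The script below is an added example for this page, not code from the article, from LBMC or from Microsoft. It writes the two documented WindowsAI policy settings ("Turn off saving snapshots for Windows" and "Turn off Recall") to the local policy registry key, optionally removes the Recall optional feature, and then reads the state back so a compliance check can assert on what was actually applied. It assumes an elevated session on Windows 11 24H2 or later; the optional-feature name `Recall` is an assumption about the build in hand and is only queried, never created.

```powershell
# Added example (not from the article, LBMC or Microsoft): turn off Windows Recall
# by policy on one device and report the resulting state.
# Assumptions: elevated PowerShell on Windows 11 24H2 or later; the registry path
# and value names below are the documented WindowsAI policy settings; the
# optional-feature name 'Recall' is assumed for this build and is only queried.
#Requires -RunAsAdministrator

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'

function Disable-RecallByPolicy {
    # Create the policy key if no WindowsAI policy has been applied on this device yet.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    # "Turn off saving snapshots for Windows": snapshot capture stops, existing
    # snapshots are deleted.
    Set-ItemProperty -Path $PolicyKey -Name 'DisableAIDataAnalysis' -Value 1 -Type DWord

    # "Turn off Recall": 0 means the feature cannot be enabled by the user at all.
    Set-ItemProperty -Path $PolicyKey -Name 'AllowRecallEnablement' -Value 0 -Type DWord
}

function Remove-RecallComponent {
    # Optional, heavier step: remove the Recall optional feature so the component
    # is not present on disk. Does nothing if the feature is absent or already off.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction SilentlyContinue
    if ($null -ne $feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName 'Recall' -NoRestart | Out-Null
    }
}

function Test-RecallDisabled {
    # Read back what is actually in effect rather than trusting that the writes
    # succeeded; this is the object a fleet compliance check would assert on.
    $props   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction SilentlyContinue

    $snapshotsOff  = ($props.DisableAIDataAnalysis -eq 1)
    $enablementOff = ($props.AllowRecallEnablement -eq 0)

    [pscustomobject]@{
        SnapshotsDisabled = $snapshotsOff
        EnablementBlocked = $enablementOff
        FeatureState      = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        FullyDisabled     = ($snapshotsOff -and $enablementOff)
    }
}

Disable-RecallByPolicy
Remove-RecallComponent
Test-RecallDisabled | Format-List
```

On a domain-joined or Intune-managed fleet the same two values would be delivered centrally (Computer Configuration > Administrative Templates > Windows Components > Windows AI) rather than by a local script, and a per-device registry edit would simply be overwritten with the same setting at the next policy refresh. Note also what this does not do: it controls only the firm's own devices, which is exactly the limitation both firms go on to describe for content shared with third parties.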
Still, while firms can take action on their own devices, the indirect third-party risk remains. One user may disable Recall, but anything they share that is displayed on the screen of someone who has it enabled can be captured in that person's snapshots and stored on that device, which could still result in data leakage and cyber incidents. Imagine someone from a firm with Recall disabled discussing sensitive matters with a vendor who does have it enabled; now imagine that vendor getting hacked and the attackers obtaining that sensitive data, despite the firm having protected its own end.
Ringrose said that while there are measures a firm can take, there are limits to how much they can control third parties. The firm can have open communications and be vigilant about their data but there is only so much one can do.
"This [applies to] almost all technology when communicating with outside parties, that you cannot really control what every third party uses on their side. I think there's a couple different things we can do on the client side, [like] more education as you communicate with them… you have open discussions with them on how they intend to use it and help be an advisor if [the risks] come up," she said.
LBMC took a similar position, saying that it can't really control what other parties do, so they need to be careful about what they, themselves, disclose to outside parties.
"LBMC can control only its devices, not third-party assets. Management and understanding of Recall's implications are necessary before sharing information," said Maynard.
But at the same time, the two said it's not that much different than any other communications technology. Yes, third parties might capture sensitive data through Recall, but the same thing could happen with irresponsible emails or file shares too. In this respect, while the firms intend to have controls over the use of the feature, they would be no different than the controls they would require for any other new technology.
"It's like email, you know? It's like any form of communication—you're putting something out there. And so it's a little bit open to what that third party is using," said Ringrose.
Maynard raised a similar point: while LBMC will be thoroughly evaluating Recall for safety, it does so for every new piece of technology it potentially could adopt. At a high level, every new tool under consideration—whether developed internally, by a third party, or as part of a widely used platform—is assessed using a phased model. The evaluation model encompasses infrastructure and compatibility review, security review, privacy and data governance review, legal and regulatory risk assessment, ethical and professional standards alignment, cybersecurity and AI committee input, governance and approvals process, a test phase with controlled rollouts, then training, usage, policies and compliance integration.
"Windows 11 Recall is just one of many emerging technologies that highlights the need for organizations, especially those in regulated industries like accounting, to have a structured enterprise-wide process for evaluating new tools. At LBMC we view every innovation through a multidimensional lens, balancing potential benefits with security, privacy, regulatory and ethical considerations. Our approach is part of a broader, proactive framework that involves cross-functional expertise from cybersecurity, AI, legal, compliance and operational leadership. This is how we ensure new technology aligns not only with our internal standards, but with the expectations of the clients and industries we serve," he said.
Wolf, from risk3sixty, said that while the risks from improper use are real, at this point they are not dramatically greater than those of other solutions. He noted that many CPA firms already have third-party risk management programs and that it would not be difficult to fold Recall into those existing controls. It may be more of a lift, he said, for firms that do not already have such a program in place.
"So when doing vendor questionnaires and audits they should bake in Recall, things like doing security awareness training around Recall, that should be baked into that, but it definitely needs adjustment … for smaller firms that do not have one. Contractual obligation is their best recourse. It's no different than sending something to a noncompany email for example, the risks are still the same," he said.
There was similar thinking regarding remote work and bring-your-own-device policies. Many firms already have specific security policies in these areas, and while Recall is a factor in both, there appears to be little need to carve out an entirely new set of policies for this one feature. Firms should be diligent about their cybersecurity overall, said Maynard, which includes accounting for Recall, but no more so than for any other tool.
"For accounting and advisory firms, any tool that touches client data must be evaluated not just on features—but on trust, integrity, and compliance. We believe that by embedding subject matter expertise into every phase of the evaluation process, firms can strike the right balance between innovation and responsibility," he said.