It’s no secret that the accounting profession is a specific target for cybercriminals, especially during tax season. The risks get higher each year, which is why it is so critical to take a fresh look at your security protocols and make sure they are up to speed. It is just as important that your team, your clients, and the third parties you work with all know how to keep themselves, your firm, and all relevant data secure.
The IRS and its security partners recommend six specific steps you can take to comply with the latest regulations regarding client data, and the Swizznet Obsessive Support® Team is here to help you implement them.
Use the following summary of the IRS Security Summit “Security Six” recommendations to “deep six” cyberthreats and put these best practices in place for your firm, including a written data security plan to meet the IRS 4557 requirement.
Generally, anti-virus software scans computer files or memory for certain patterns that may indicate the presence of malicious software (also called malware). It is recommended to complete the following scans regularly:
When selecting an antivirus package, tax professionals should learn about its features, so they know what to expect. Remember, keep security software set to automatically receive the latest updates so that it is always current.
Firewalls provide protection against outside attackers by shielding a computer or network from malicious or unnecessary web traffic and preventing malicious software from accessing systems. Firewalls may be broadly categorized as hardware or software. While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type is used:
Firewalls primarily help protect against malicious traffic, not against malicious programs (malware), and may not protect the device if the user accidentally installs malware or falls for email phishing scams.
The use of two-factor authentication and even three-factor authentication is on the rise. You should always opt for multi-factor authentication when it is offered, whether on an email account, a tax software account or any password-protected product, to prevent your accounts from being taken over by cybercriminals and putting your clients and colleagues at risk.
Two-factor authentication helps by adding an extra layer of protection beyond a password. Often two-factor authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone.
Critical files on computers should routinely be backed up to external sources. This means a copy of the file is made and stored either online, as part of a cloud storage service, or on an external hard drive. You should ensure that client data is backed up and also encrypted – for the safety of the taxpayer and the tax pro.
Given the sensitive client data maintained on tax practitioners’ computers, users should consider drive encryption software for full-disk encryption. Drive encryption, or disk encryption, transforms data on the computer into files that are unreadable to an unauthorized person who accesses the computer to obtain data. Drive encryption may come as a stand-alone security software product. It may also include encryption for removable media, such as a thumb drive and its data.
This is critical for practitioners who work remotely. If a tax firm’s employees must occasionally connect to unknown networks or work from home, establish an encrypted Virtual Private Network (VPN) to allow for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.
All accounting and tax professionals also should review their professional insurance policy to ensure the business is protected should a data theft occur. If you put off upgrading your tech stack in 2021, do it now to support your new remote or hybrid work environment.
Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. Now, enabling staff to access a secure, virtual desktop through devices that have antivirus (AV), endpoint detection and response (EDR) and multifactor authentication (MFA) allows them to be productive while giving the organization a stronger cybersecurity defense.
Take time now for a tax season cyber security reality check to prevent a busy season business interruption.
Putting these steps in place will help to reduce your firm’s immediate exposure to cyber threats during the busy tax season and beyond. Now is the time to do a pre-tax season cyber security audit to make sure you have all of your bases covered. This is where the team from Swizznet can provide guidance and break down the components of a solid cyber security strategy designed specifically for your accounting firm. They can also help identify gaps in your current strategy which may need your attention.
Remember, the best defense against mounting cyber security threats is a strong offense. At Swizznet, their Obsessive Support® will ensure your accounting firm has the best possible protection and expertise available to keep your remote teams and practice running as efficiently and securely as possible. Join us for a webinar on Nov. 9 to get all of your Security Six bases covered!
January 24, 2022
Did you know? This Friday, January 28, is National Privacy Day! Seeing as this international celebration is dedicated to the education and promotion of privacy and data protection best practices, I figured we could celebrate by looking at one of the safest platforms in the payments industry.
When it comes to online transactions (even international ones), Veem makes them safer, more affordable, and faster than traditional banking transactions. It’s all backed by Veem’s six layers of security. Check these out if you are looking for the best security possible for online payments for you and your clients (and we all are, right?):
Veem uses Two-Factor Authentication (2FA)
2FA adds an extra layer of protection to your account by making you authorize your login from an email or another device. This adds assurance that no one is able to hack into accounts, and if they try, you or your client are notified of an attempted login.
Veem is SOC 2 Certified
Now you might be thinking, what the heck is SOC 2? It stands for Service Organization Control 2, which is an internal controls report capturing how a company will safeguard data and the status of how well those controls are operating. SOC 2 requires Veem to establish and follow strict information security policies and procedures, encompassing the security, availability, processing integrity, and confidentiality of customer data.
Veem has a Secure Website
Veem is DigiCert certified. This means that Veem’s website offers the strongest encryption and highest authentication available. All information that is stored, shared, or uploaded on the platform will be encrypted with the highest, most advanced tools available.
Transactions are Monitored
All transactions on the platform are monitored for suspicious behavior. If our DigiCert, 2FA and SOC 2 certifications aren’t enough to make you feel comfortable running transactions, this will. Veem is fully compliant with the Payment Card Industry Data Security Standard. This provides the highest level of Anti-Money Laundering assurance in the industry.
Veem is Globally Regulated
Whether you are sending a payment across town or across the world, they will make sure it makes it safely. Registered with the Financial Crimes Enforcement Network, and the US Department of Treasury, Veem is a certified Money Transmitter regulated to send payments in every country it serves.
Veem has strict identity verification measures for customers. So when you are using any type of card, Veem minimizes risks and ensures that payments are secure and authorized.
I can’t think of a better way to celebrate National Security Day than to share how my Starting Lineup partner, Veem, is keeping online payments secure…no matter where you or your clients do business. Be sure to check out Veem for yourself and talk to their team about how you can better serve your clients by using their streamlined, secure payment solution.
Have a very happy National Privacy Day everyone!