It’s no secret that the accounting profession is a specific target for cybercriminals, especially during tax season. The risks get higher each year, which is why it is so critical to take a fresh look at your security protocols and make sure that they are up to speed and that your team, clients, and the third parties you work with are all aware of how to keep themselves, your firm, and all relevant data secure.
The IRS and its security partners recommend six specific steps you can take to comply with the latest regulations regarding client data, and the Swizznet Obsessive Support® Team is here to help you implement them.
Use the following summary of the IRS Security Summit “Security Six” recommendations to “deep six” cyberthreats and put the following best practices in place for your firm, including a written data security plan to meet the IRS 4557 requirement.
Generally, anti-virus software scans computer files or memory for certain patterns that may indicate the presence of malicious software (also called malware). It is recommended to complete the following scans regularly:
When selecting an antivirus package, tax professionals should learn about its features, so they know what to expect. Remember, keep security software set to automatically receive the latest updates so that it is always current.
Firewalls provide protection against outside attackers by shielding a computer or network from malicious or unnecessary web traffic and preventing malicious software from accessing systems. Firewalls may be broadly categorized as hardware or software. While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type is used:
Firewalls primarily help protect against malicious traffic, not against malicious programs (malware), and may not protect the device if the user accidentally installs malware or falls for email phishing scams.
The use of two-factor authentication and even three-factor authentication is on the rise, and you should always opt for multi-factor authentication when it is offered, whether on an email account, tax software account or any password-protected product, to prevent your accounts from being taken over by cybercriminals and putting your clients and colleagues at risk.
Two-factor authentication helps by adding an extra layer of protection beyond a password. Often two-factor authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone.
Critical files on computers should routinely be backed up to external sources. This means a copy of the file is made and stored either online as part of a cloud storage service or a copy of the file is made to an external hard drive. You should ensure that client data is backed up and also encrypted – for the safety of the taxpayer and the tax pro.
Given the sensitive client data maintained on tax practitioners’ computers, users should consider drive encryption software for full-disk encryption. Drive encryption, or disk encryption, transforms data on the computer into files that are unreadable to an unauthorized person who accesses the computer to obtain data. Drive encryption may come as a stand-alone security software product. It may also include encryption for removable media, such as a thumb drive and its data.
This is critical for practitioners who work remotely. If a tax firm’s employees must occasionally connect to unknown networks or work from home, establish an encrypted Virtual Private Network (VPN) to allow for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data over the Internet between a remote user and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.
All accounting and tax professionals also should review their professional insurance policy to ensure the business is protected should a data theft occur. If you put off upgrading your tech stack in 2021, do it now to support your new remote or hybrid work environment.
Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. Now, enabling staff to access a secure, virtual desktop through devices that have antivirus (AV), endpoint detection and response (EDR) and multifactor authentication (MFA) allows them to be productive while giving the organization a stronger cybersecurity defense.
Take time now for a tax season cyber security reality check to prevent a busy season business interruption.
Putting these steps in place will help to reduce your firm’s immediate exposure to cyber threats during the busy tax season and beyond. Now is the time to do a pre-tax season cyber security audit to make sure you have all of your bases covered. This is where the team from Swizznet can provide guidance and break down the components of a solid cyber security strategy designed specifically for your accounting firm. They can also help identify gaps in your current strategy which may need your attention.
Remember, the best defense against mounting cyber security threats is a strong offense. At Swizznet, their Obsessive Support® will ensure your accounting firm has the best possible protection and expertise available to keep your remote teams and practice running as efficiently and securely as possible. Join us for a webinar on Nov. 9 to get all of your Security Six bases covered!
If you’ve followed me for any time, you know I looove technology–learning about it, experimenting with it, using it to drive efficiencies and ROI, and, of course, sharing my experiences with it to help others.
There is one thing, though, that I try never to lose sight of and I think it’s a point that can never be made enough. Technology is the means to the end, not the means itself. This is all part of the process I lay out in my book, The Designated Motivator for Accounting Professionals, and in my Reassess Your Success courses.
An app, no matter how cool it is, is still a tool–and the effect of using it on people is what we should really be focused on when it comes to evaluation and implementation…not to mention the actual usage of it. That’s why it’s so important to view technology as a critical touchpoint for your team and your clients.
With this in mind I offer the following considerations to think through when it comes to your firm’s tech stack and how effective it is beyond a tactical workflow standpoint:
No matter who is using the technology in your tech stack, be sure to take the time and make the effort to understand what their user experience is like and then consider if the internal experience differs significantly from the external one (i.e. your team loves it and your clients don’t, or vice versa). If this is the case, then it’s definitely worth evaluating a different tool. And if no one is happy…then it’s definitely time to reassess your success with that particular application, in my opinion.
Here is an example of a tool we chose, and why it works so well for us. We needed a way for clients to securely send documents and sensitive information to our firm. But we ALSO needed the tool to create transparency for staff and a “single source of truth” for all documents, e-signatures, messages and discussion threads, and tasks for the client, and for the firm. We chose Liscio to fulfill this “job” in our tech lineup. Clients love it, and my staff can move faster because we aren’t having to chase clients for overdue items, or search in endless email strings, or look in multiple places for documents they sent. We also don’t get texts anymore, which is a HUGE bonus because we can actually have our personal cell phones back.
The most important takeaway here, one that I hope you will take to heart, is that tech is just the tool–but it has become a critical touchpoint for the people who drive your business forward, namely your team and your clients. So open up that feedback loop and make changes as necessary to ensure it supports the exceptional client experience and workplace culture you want to have! Then choose the right tools for each stakeholder to use. You will create delight and productivity like never before!
No two businesses are alike. That’s what keeps my accounting practice really interesting – even after 23 years!
Throughout my career, I’ve consulted and worked with hundreds of businesses on the technologies and systems they use. Every client has different needs, which makes every engagement a new adventure! Yet my first recommendation, next to having a cloud accounting solution, is usually the same: QuickBooks® Enterprise. I’ve been using it myself for 23 years, and I know from my own experience that you can shape this platform in so many ways!
In addition, QuickBooks protected cloud access lets clients collaborate and boost productivity because they can use Enterprise anywhere, using any device. Plus, they use state-of-the-art protocols to store data, so it really is the most secure and streamlined solution, giving all of us peace of mind.
The flexibility and customization available in QuickBooks Enterprise really make it the go-to solution for any business. That’s why I set up my business clients on it, and then we completely tailor it to their goals. Enterprise truly is designed for all, but unique for one. Read on for some key examples!