It’s no secret that the accounting profession is a specific target for cybercriminals, especially during tax season. The risks get higher each year, which is why it is so critical to take a fresh look at your security protocols, make sure they are up to speed, and confirm that your team, clients, and the third parties you work with all know how to keep themselves, your firm, and all relevant data secure.
The IRS and its security partners recommend six specific steps you can take to comply with the latest regulations regarding client data, and the Swizznet Obsessive Support® Team is here to help you implement them.
Use the following summary of the IRS Security Summit “Security Six” recommendations to “deep six” cyberthreats and put these best practices in place for your firm, including a written data security plan to meet the IRS 4557 requirement.
Generally, anti-virus software scans computer files or memory for certain patterns that may indicate the presence of malicious software (also called malware). It is recommended to complete the following scans regularly:
When selecting an antivirus package, tax professionals should learn about its features, so they know what to expect. Remember, keep security software set to automatically receive the latest updates so that it is always current.
Firewalls provide protection against outside attackers by shielding a computer or network from malicious or unnecessary web traffic and preventing malicious software from accessing systems. Firewalls may be broadly categorized as hardware or software. While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type to use:
Firewalls primarily help protect against malicious traffic, not against malicious programs (malware), and may not protect the device if the user accidentally installs malware or falls for email phishing scams.
The use of two-factor authentication and even three-factor authentication is on the rise, and you should always opt for multi-factor authentication when it is offered, whether on an email account, tax software account or any password-protected product, to prevent your accounts from being taken over by cybercriminals and putting your clients and colleagues at risk.
Two-factor authentication helps by adding an extra layer of protection beyond a password. Often two-factor authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone.
Critical files on computers should routinely be backed up to external sources. This means a copy of the file is made and stored either online as part of a cloud storage service or on an external hard drive. You should ensure that client data is backed up and also encrypted, for the safety of the taxpayer and the tax pro.
Given the sensitive client data maintained on tax practitioners’ computers, users should consider drive encryption software for full-disk encryption. Drive encryption, or disk encryption, transforms data on the computer into files that are unreadable to an unauthorized person who accesses the computer to obtain data. Drive encryption may come as a stand-alone security software product. It may also include encryption for removable media, such as a thumb drive and its data.
This is critical for practitioners who work remotely. If a tax firm’s employees must occasionally connect to unknown networks or work from home, establish an encrypted Virtual Private Network (VPN) to allow for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data over the Internet between a remote user and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services.
All accounting and tax professionals also should review their professional insurance policy to ensure the business is protected should a data theft occur. If you put off upgrading your tech stack in 2021, do it now to support your new remote or hybrid work environment.
Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. Now, enabling staff to access a secure, virtual desktop through devices that have antivirus (AV), endpoint detection and response (EDR) and multifactor authentication (MFA) allows them to be productive while giving the organization a stronger cybersecurity defense.
Take time now for a tax season cyber security reality check to prevent a busy season business interruption.
Putting these steps in place will help to reduce your firm’s immediate exposure to cyber threats during the busy tax season and beyond. Now is the time to do a pre-tax season cyber security audit to make sure you have all of your bases covered. This is where the team from Swizznet can provide guidance and break down the components of a solid cyber security strategy designed specifically for your accounting firm. They can also help identify gaps in your current strategy which may need your attention.
Remember, the best defense against mounting cyber security threats is a strong offense. At Swizznet, their Obsessive Support® will ensure your accounting firm has the best possible protection and expertise available to keep your remote teams and practice running as efficiently and securely as possible. Join us for a webinar on Nov. 9 to get all of your Security Six bases covered!