Tax and accounting professionals handle a tremendous amount of client correspondence and paperwork that contains sensitive information. While you might not stuff tax papers into a folder you leave in your car, people frequently put sensitive information at risk by making simple mistakes or not following cybersecurity best practices.
Protecting your data from cyberattacks is crucial to maintaining your reputation, retaining your clients, and avoiding costly downtime due to breaches. This article shares three things you can do today to protect your firm and client data from cyberattacks.
Tip #1: Follow general best practices
Each business has unique risks, so while there is not a one-size-fits-all approach, there are general best practices everyone should follow:
- Use strong, unique passwords or passphrases with at least 12 characters.
- Keep all hardware and software updated to protect against malware and ransomware infections.
- Know how to recognize suspicious links that could be embedded in social media posts, emails, texts, and more.
- Recognize and report phishing attempts by looking for these signs:
  - Messages that are threatening or urgent with unusual spacing, lousy grammar, and misspellings.
  - An email address that has misspellings (amazun.com or traget.com).
  - Requests for personal information or for you to complete an odd business request.
- Stay alert for social engineering.
- Avoid accessing sensitive information on your accounts on unprotected public Wi-Fi.
- Always back up your data to a device or cloud solution not connected to your network.
It is critical that everyone involved in your practice—yes, that means full-time, part-time, and seasonal employees, as well as contractors and vendors—understand cybersecurity risks and their responsibilities in protecting data. After all, you’re only as strong as your weakest link. Educate your staff regularly, and make cybersecurity a staff and client onboarding topic.
Tip #2: Avoid sharing sensitive data through email
Although it is a popular communication method, email was never meant to be a secure way to send sensitive information. Dr. Catherine J. Ullman, a senior information security analyst for the University of Buffalo, said: “Although you need credentials to log in and access the e-mail in your mailbox, email is, by default, sent from server to server in clear text that can be read by anyone while in transit.”
There are multiple weaknesses hackers can exploit to intercept an email as it travels from one server to the next. Sometimes hackers gain access to a server, which lets them read every email stored on it.
Many documents accountants require for tax returns include sensitive information, such as financial data, income information, and Social Security numbers—none of which should be shared through email in the body of the message or an attachment.
Tip #3: Move to the cloud
Accounting professionals handle many documents with personal information hackers would love to access. It’s your responsibility to make sure they can’t. When thinking about your tech stack, ensure you partner with security-focused vendors who help you, your staff, and your clients securely work online. Look for ones that have measures like two-factor authentication, encryption at rest and in transit, and automatic data backup.
If you’re on the fence, keep in mind that moving to the cloud isn’t just about increased security. Intuit’s 2022 Taxpayer Insights & Intelligence Brief makes it very clear: Taxpayers have high expectations around digital, secure workflows. According to the survey, 73% of respondents want a secure place to upload documentation to their tax pro throughout the year, and 86% expect their tax documents and information to be stored with industry-standard security. When it comes to sending documents online, 74% of respondents wish to send their personal, sensitive data via a secure transfer.
Put data security first
Cybersecurity is complex. Hackers can access your information in many ways, and their technology and techniques are getting stronger every day. But when you educate your staff and clients, and partner with the right vendors—those who put data security first—everyone can rest assured their data is protected.