Cybercrime is on the rise, especially as the world becomes increasingly digital. For accounting firms, this means staying on top of Personally Identifiable Information (PII) and adding safeguards to your IT environment so that you are protecting your company and clients to the best of your ability. For tax professionals, it is important to maintain best security practices. Cybercriminals are eager to obtain taxpayer data and become more creative each year.
There are some security practices all tax professionals should be aware of to secure taxpayer information. For starters, basic techniques include not opening phishing emails, creating a data security plan, and reviewing internal controls. A few more tips are shared below.
How to Protect Your Business with Internal Controls
- Any terminated employees’ access should be immediately removed. Maintain limited access to your data storage area, and keep it secured and monitored.
- Create strong passwords! A password manager is especially helpful for generating hard-to-guess passwords and remembering them.
- Ensure that personal and business email accounts are separate.
- Have a data security plan in place for backup, restoration, disaster recovery, and encryption.
- Keep an inventory of any devices that store client data, including but not limited to laptops, smartphones, tablets, and external hard drives. Also inventory the software used for processing and sending tax data.
- Only share information with individuals who need to know.
- There are resources available, such as IRS Publication 4557, to aid in creating a plan to safeguard taxpayer data.
- Use security software and enable automatic updates, including anti-virus/anti-malware, firewalls, and any security software that protects your network, devices, and/or internet browser.
How to Protect Your Clients
- Avoid attaching USB drives containing client data to public computers.
- Be aware of phishing emails. Do not open suspicious e-mails!
- Do not download attachments from unknown e-mails.
- Destroy any sensitive data appropriately. Before disposing of any devices containing client data, ensure that they are wiped and shredded. Some software includes a “shredder” that destroys stored files. Shredding, burning, and crushing these devices is critical to protecting your clients.
- Do not install free software, or any unnecessary software, on the business network.
- Be safe on the internet with ad and pop-up blockers.
- Do not download files from unknown or unsecured webpages.
- Do not use public Wi-Fi to access sensitive data. This includes business emails and client information.
- Encrypt any sensitive data. Store it on encrypted external backups.
If this is something that you know you need, then please reach out to us. We can help identify problem areas and increase your company’s security posture.