Whew, you made it! April 15th is in the rearview window…time to close the books and call it done (or at least until the October extension nears). WRONG! For CPAs and Accountants, tax season never stops. Why? Because data security for your clients’ sensitive information should be a 24/7, 365 priority.
Data Security & Data Defense
Most small to medium businesses (SMBs) don’t think they will ever be a target for a cyber attack. In their minds, only Fortune 500 companies are being eyed by cybercriminals. Unfortunately, this line of thinking couldn’t be further from the truth. Attackers focus on SMBs because they view them an easy target and assume they don’t know how to deploy or have the budget to afford proper data security solutions. Sadly, and all too often, they are assuming correctly.
Email and web browsing filters do an okay job of protecting you from harmful content and spam messages. However, cybercriminals are getting smarter and more cunning every day. It’s critical that you protect your company from vicious malware, virus, and phishing attacks. A trusted IT services provider will monitor for these attacks and provide automatic security updates and software patches so you don’t have to worry about evolving scams.
Working in the Cloud
It’s becoming increasingly common for CPAs and Accountants to work in the cloud. The amount of time and money saved is too good to pass up. Cloud-based accounting offers many advantages over traditionally-installed software:
- Anywhere, Anytime Access: As long as you have an internet connection, you have access to your clients’ data. Additionally, most cloud-based accounting programs allow for multiple users and offer user permissions, thus adding a much-needed level of data security.
- Extra Layer of Data Security: Unlike traditional desktop models, cloud-based accounting companies securely store your information in data centers that implement advanced security protection at a level which would be extremely complex and expensive for most CPA firms to do themselves. The cloud also offers data redundancy, meaning that information is stored in multiple locations, protecting your client’s data from natural disasters or other issues that may disrupt one physical server site.
- Automatic Data Backups: In addition to built-in security, another perk of the cloud is automatic data backups to offsite servers.
- Many Options: A trusted IT provider helps you choose a cloud provider that meets these needs
Communication Channels (This is actually a regulatory requirement)
CPAs and Accountants should try to avoid communicating with potential or existing clients solely through email. This is particularly true if any unusual accommodations are needed, like requests for duplicate W-2 copies, address changes, Social Security numbers, email addresses, or financial information. The recent spike in phishing scams means no valuable data should be transmitted electronically when a phone call or in-person meeting will suffice.
Employee Education
We cannot repeat this enough: Educate all employees about password security and email phishing scams, especially as a tax filing deadline looms.
It’s time for everyone to stop using the same password for every login. We recommend using a password manager like My IT Glue or Passportal. These tools store passwords in an encrypted and password protected format so you don’t have to remember a thing. They utilize two-factor authentication; encrypt password data at storage and transfer points; auto-fill forms; and generate strong, randomized passwords. If your business is subject to industry regulations like HIPAA, FINRA, and PCI then you should already have this in place.
You and your employees should also never take an email from a familiar source at face value; for example, an email from “IRS e-Services.” If it asks you to open a link or attachment, or includes a threat to close your account, think twice. NEVER click on any link or attachment included in an email that discusses tax information.
We just hit the tip of the iceberg with this post. Data security is no joke and should be a #1 priority in your firm. After all, if something were to happen to your client’s sensitive data, you would lose your client’s trust and couldn’t do your job. And that’s why they hired you!
If you have any questions, contact us. We are here to help!
