Data Security Plan for Tax Preparers: 7 Things You Can Do to Prep

As a tax professional, you have a duty to your clients, especially as you’re handling sensitive information. Part of that is collecting data and filing accurate tax returns, and part of it is protecting the data you’ve collected. Personally identifiable information, financial details, and tax data can all be used by criminals and hackers to steal identities and commit fraud. If you want to stop that from happening, it’s vital to take data protection and cybersecurity seriously.

1. Install antivirus and firewall software

All accounting businesses should have strong antivirus and firewall software in place. Firewalls help to prevent unauthorized users from using brute force to work their way into your systems, while antivirus software reduces the chance of malware being installed on your computers.

2. Regularly back up business and client data

If client accounting or tax data is ever stolen or compromised, you may need to recover it. You should implement regular backups of all your important data, so it is easily accessible if your computer is compromised.

3. Encrypt data when storing or transmitting

Some computer systems will allow you to encrypt data when it’s “at rest” (stored by your business) or “in transit” (sent to someone else). Implement data encryption whenever you can — that way, even if a hacker gets into your system, it’s likely they won’t be able to do anything with data they steal because it will be impossible to decrypt without the right security key.

4. Train your staff against cyber threats

Social engineering is a popular data theft technique where a criminal convinces an unsuspecting staff member to share their password and login details. The hacker then steals that information and uses it to gain access to your systems. Explain the risks to your staff and ensure everyone gets training on how to identify social engineering scams, phishing emails, and similar attempts to gain unauthorized access.

5. Use multi-factor authentication

The weakest type of security for logging into accounting and financial systems is single-factor authentication, where you just use a login ID and a password. Passwords are relatively easy to break and can be stolen through social engineering. A way to combat this is to introduce two-factor or multi-factor authentication, where the person logging in needs to have something else to prove their identity.

This might be a smartcard with a changing number you have to enter or a scanner that asks for a fingerprint. Even if a hacker gets a login and password, without this extra factor, they will not be able to access accounting systems and sensitive data.

6. Regularly update software and applications

Most software will have vulnerabilities that could be exploited by hackers — that’s just the nature of software development. As application vendors identify vulnerabilities, they issue updates that, once installed, close these gaps. Make sure that you install updates quickly after release, across all hardware, software, and systems that use the impacted application.

7. Perform vulnerability and penetration testing

Vulnerability scanning helps to identify potential flaws in your software and systems that could be exploited by hackers. Penetration testing attempts to simulate the techniques a criminal would use to gain access to your accounting systems and data. You can hire specialist third-party companies to carry out these tests on your behalf and identify flaws in your accounting business’s security.

Whatever techniques you use to protect sensitive client, tax, and accounting data, the time to start is now. Data breaches are on the rise, and it’s important you implement strong, robust cybersecurity.

This article was last edited on July 28, 2021.