Tax Preparer Tips: Protecting Client Info

tax professional working to protect her client’s info

As a tax professional, you have a duty to your clients, especially as you’re handling sensitive information. Part of that is collecting data and filing accurate tax returns, and part of it is protecting the data you’ve collected. Personally, identifiable information, financial details, and tax data can all be used by criminals and hackers to steal identities and commit fraud. If you want to stop that from happening, it’s vital to take data protection and cybersecurity seriously.

Install Robust Antivirus and Firewall Software to Protect Your Accounting Business

All accounting businesses should have strong antivirus and firewall software in place. Firewalls help to prevent unauthorized users from using brute force to work their way into your systems, while antivirus software reduces the chance of malware being installed on your computers.

Regularly Backup All Accounting Business and Client Data

If client accounting or tax data is ever stolen or compromised, you may need to recover it. You should implement regular data backups of all your important data, so it is easily accessible if your computer is compromised. This could include complete backups, iterative backups, and other types of backups to create a strong backup schedule and strategy.

Encrypt Financial, Accounting, and Tax Data When You Store or Transmit It

Some computer systems will allow you to encrypt data when it’s “at rest” (stored by your business) or “in transit” (sent to someone else). Implement data encryption whenever you can — that way, even if a hacker gets into your system, it’s likely they won’t be able to do anything with data they steal because it will be impossible to decrypt without the right security key.

Train Your Tax Preparation Staff on Phishing and Social Engineering

Social engineering is a popular data theft technique where a criminal convinces an unsuspecting staff member to share their password and login details. The hacker then steals that information and uses it to gain access to your systems. Explain the risks to your staff and ensure everyone gets training on how to identify social engineering scams, phishing emails, and similar attempts to gain unauthorized access.

Introduce Multifactor Authentication to Accounting Systems and Data

The weakest type of security for logging into accounting and financial systems is single-factor authentication when you just use a login ID and a password. This is relatively easy to break and can be stolen through social engineering. A way to combat this is to introduce two factor or multifactor authentication where the person logging in needs to have something else to prove their identity.

This might be a smartcard with a changing number you have to enter or a scanner that asks for a fingerprint. Even if a hacker gets a login and password, without this extra factor, they will not be able to access accounting systems and sensitive data.

Regularly Patch Accounting Software, Operating Systems, and Other Applications

Most software will have vulnerabilities that could be exploited by hackers — that’s just the nature of software development. As application vendors identify vulnerabilities, they will issue “patches” that can be used to close these gaps to criminals. Make sure that you install patches quickly after release, across all hardware, software, and systems that use the impacted application.

Carry Out Vulnerability Scanning and Penetration Testing

Vulnerability scanning helps to identify potential flaws in your software and systems that could be exploited by hackers. Penetration testing attempts to simulate the techniques a criminal would use to gain access to your accounting systems and data. You can hire specialist third party companies who can carry out these tests on your behalf to identify flaws in your accounting business security.

Whatever techniques you use to protect sensitive client, tax, and accounting data, the time to start is now. Data breaches are on the rise, and it’s important you implement strong, robust cybersecurity.