Cybersecurity can be a complicated and intimidating topic for many tax preparers. But what may seem too large for any one person to solve can actually be a very manageable task with a little knowhow. Keep reading to learn how you can own your role in cybersecurity and strengthen your tax prep business’s integrity.
What data are hackers looking for?
Hackers are primarily after identity data, with credit card information being their secondary target.
Identity data is any information that can be used to identify a specific user, employee, contractor, client, or consumer. This includes names, addresses, email addresses, SSNs, and more. In many cases, a name, SSN, and birthdate are enough to steal someone’s identity and cause immense financial and credit damage.
While stolen credit cards are bad news, stolen identity data found on financial documents is much worse. Digital black marketers actually prefer financial documents to stolen credit cards. Credit cards can be canceled, and they expire, offering a limited window of value. This is not the case for SSNs, names, or birth dates, which live on indefinitely. Hackers love to steal state and federal tax returns because they contain this sensitive information.
Given that your job requires access to a client’s financial records and identity data, you are obligated to protect that information.
How can a tax preparer implement non-technical identity data management procedures?
Knowing what cybercriminals are looking for makes it easier to safeguard that valuable information and protect your business. Here are a handful of non-technical approaches that will enable your tax prep business to better shield identity data:
Understand that not all data needs to be saved
Protect your customers by getting rid of some information. After all, it can’t be stolen if you don’t have it. Retain the records that are required by law and the contact info needed to maintain a relationship with a client and nothing more. Delete all client identity data after three years.
Train your staff to be skeptical
Phishing and social engineering scams are used by hackers to fool employees into sharing personal or financial information. Email is the primary tool that hackers use to deliver scams to unsuspecting recipients, so this is where you want to be on the lookout. Train your staff to identify suspicious emails. As a general rule, be wary of all messages from unknown senders and never share information, click links, or download attachments from anyone that you don’t know. This can be difficult for tax preparers who receive attachments from clients, but it is important to remain vigilant and on the lookout for anything suspicious. Use a secure document sharing tool like TaxSlayer Pro’s TaxesToGo app or client portal when sharing documents with clients to avoid being tempted to download attachments from emails.
Silo your data based on who needs it most
Not every member of your team needs access to identity data. Segment access based on a need-to-know basis. Fewer access points to sensitive data offer fewer opportunities for a hacker to weasel in and cause problems.
Accountability of a tax preparer
Any business conducted online or with a connected device carries a particular set of risks. That’s the reality of the tech-enabled world that we work in today. Every tax prep business that hires employees or contractors, processes payments, or stores client records needs to consider the possibility of a data breach. As a tax preparer, the outcome of any breach falls squarely on your shoulders. Data is one of the most valuable and vulnerable assets that any business manages. Unfortunately, many tax preparers don’t learn this fact until it’s too late, because anytime there is a data breach, lawsuits can be expected to follow.
A cyber insurance policy covers your tax prep business in the event of a hack or data breach that results in financial damages – both direct and litigatory. This type of business insurance covers your intangible assets like digital files, email, and data. Cyber insurance may seem novel to many tax preparers, but it has become a necessary form of coverage.
This article was last edited on November 1, 2021.