Information hacking has been a big topic of discussion in the national news in recent months. With all the financial information that is shared during tax time, keeping your clients’ data secure is a big concern as hackers proliferate and become more sophisticated in their methods to steal your clients’ financial information.
Businesses are prime targets for identity and information theft because it’s easy to get information about individual businesses. There is a lot of important information about them that is part of the public record, it can be very profitable because the balances in business bank accounts are often larger than in a personal bank account, and, in many cases, it’s easier to slip by undetected because many businesses are likely unaware that there are credit reporting bureaus that focus on business credit. What’s more, because some vendors don’t report credit history to the bureaus, identity theft can go on under the radar for a long time.
During tax season, a lot of financial information is shared between tax preparers and small businesses, making it an ideal time to commit identify theft. The Security Summit, a partnership between the IRS, state tax agencies and the private sector tax industry, is sharing information and tips aimed at tax professionals that help them protect their clients’ data from those who would try to hack into the data they use to file their clients’ taxes.
In addition to this advice from the IRS, here are seven specific things you can start doing now to help you protect client data:
1. Audit your data protection practices: Don’t wait for a data breach to take your security protocols seriously. An annual review of your systems by an outside firm is a good best practice for professionals who regularly handle sensitive information. And, if you make your clients aware you are doing this on an annual basis, it becomes additional value and security your clients will enjoy when they work with you.
2. Make sure your clients know about email security: If your clients are emailing you financial information, make sure they are aware that email might not be the best way to share sensitive data. When an email is sent it stops in several locations (or servers) before it hits your inbox, so without encryption, hackers can intercept the email. This gives you an opportunity to develop a system that is secure for both you and your clients.
3. Don’t ignore physical security: If your computer network is secure, but your staff isn’t careful about walking away from a computer with files open, those files are at risk. Something as simple as putting computers to sleep with a password when no one is at the desk is an easy first step. Other physical security, like keeping locks on doors leading to any sensitive files, cable locks on computers to ensure they are locked to the desk, and keeping desks clean and tidy so that information can’t be misplaced or picked up by the wrong hands are other things you can do to avoid the theft of sensitive data.
4. Is your WiFi secure? Make sure your WiFi network is secured with strong passwords and encryption protocols. It’s also a good idea to keep guest networks completely separate from your internal network.
5. Are you files regularly backed up? If your computers suffer from a virus or malware attack, you can recover lost data if you conduct regular back ups. Regularly backing up critical client files is a good best practice, and could be considered insurance against a hacker attack.
6. Prohibit employees from accessing client data on their personal computers: It’s just not a good idea for employees to use their personal devices to handle client information and can be a huge security concern. While there are policies you can put in place to limit the security vulnerabilities this may cause, it might be a better approach to simply keep all client data on your firm’s computer devices.
7. Encourage your clients to take an active role in monitoring their data security: A good first step is to make sure they understand the business credit bureaus and how important it is to regularly monitor what is being reported about their businesses. It’s not uncommon for the public record to include mistakes and regularly monitoring their business credit will allow your clients to find evidence of identity theft earlier, rather than later.
You don’t need to dive too deep into the news to read about hacking and cybercrime. If large banks, insurance companies, and others can be hacked, your accounting or tax practice is likely not immune. By taking a proactive approach to protect your clients’ data, rather than waiting for a successful attack on your accounting practice, you can potentially avoid the financial harm your clients could experience should their data be stolen.