In an era when cyberattacks occur so frequently, it’s crucial to be educated and proactive about protecting your firm. Just how big of a problem is cybersecurity for accountants? At first glance, it appears that outright cyberattacks are rare. However, there are many other ways that accountants can have their data compromised — and it is critical that you stay ahead of the threats that are focused on stealing what is most important to your business — your clients’ data and funds.
Proactive measures should be taken for the security of your business as a whole; versus cyberattacks specifically.
When taking steps toward security, focus on the things that matter most to your clients — confidentiality, integrity and availability. Firm owners have to think about all the components that the business utilizes from a technology standpoint to help ensure each of those areas is protected.
Although cyberattacks are getting more sophisticated and frequent with each passing year, you and your clients can prevent falling victim to them. Practicing good cyber hygiene can prevent most intrusions by signaling to attackers that you’re not an easy target. Consider these best practices to protect your firm and your clients:
Remain in-the-know on business technology. It sounds simple, but you must understand the entire scope of your business and where technology fits into it. Otherwise, you may not understand potential vulnerabilities.
Know what types of data you have and where it is stored — including on employee laptops, local networks, servers and cloud providers.
Make someone accountable. If you’re a sole proprietor, you’re the person in charge of data security. If you’re not up to the task, hire a vendor or consultant to oversee this important business function.
Practice safe password practices. Employees of small businesses are often as close as family but be careful to ensure that employees are not sharing passwords. Utilize a password manager for key systems that hold financial and sensitive information.
Automate software updates. It’s hard to keep abreast of the latest updates and patches, so automate them through your settings menu.
Put up a firewall. The routers and modems you use should already have firewalls installed to prevent the malicious intrusions. If not, ask your internet service provider to install them. The most important thing is to turn them on and make sure they are functioning properly.
Embrace encryption. Encryption prevents a bad actor from gaining access to your entire network. Even if fraudsters steal your passwords, they won’t get access to the full infrastructure. They will only get access to what that password has access to.
Be careful with Wi-Fi. Make sure you’re using wireless encryption. If you allow outsiders onto your wireless network, create a guest network that doesn’t allow access to your internal systems or files.
Consider insurance. Cyber insurance can protect your firm from financial ruin if your clients suffer harm due to an attack on your end.
Along with prevention, the other side of cyber hygiene is being educated and aware of when an incident may have occurred. Here are the tell-tale signs:
Receiving items you never requested. You or your client receive refunds, even though a tax return hasn’t been filed, or a tax transcript is received that wasn’t requested.
Account management discrepancies. A notice or email is sent by the IRS claiming an IRS Online Services account was accessed or disabled, or another account was created in a client’s name.
Numbers aren’t adding up. Keep track of the number of returns filed for each client. If the number of returns filed with the EFIN is greater than the number you’ve filed for your clients, there’s cause for investigation.
Technology mishaps. Be aware of network computers running slower than normal; computer cursors moving or changing numbers when the user is not even touching the keyboard; network computers locking out employees, or if you or your client are responding to emails the firm did not send.
Turning to a professional partner you trust can bring to bear the latest research and testing on evolving threats, continual training in new guidelines and practices, and advanced technology solutions. You may need to rethink your budget priorities to ensure you’re allocating enough resources to purchase the solutions that keep your business safe. Additionally, you will need to spend time training yourself, your staff and your clients on best practices and tell-tale signs.
These may seem like obstacles at first. But with time and repetition, they are likely to become part of the culture at your practice.