Practice Management Moving to the cloud: Cybersecurity Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Luke Kiely Modified Apr 2, 2024 3 min read Tax and accounting professionals handle a tremendous amount of client correspondence and paperwork that contains sensitive information. While you might not stuff tax papers into a folder you leave in your car, people frequently put sensitive information at risk by making simple mistakes or not following cybersecurity best practices. Protecting your data from cyberattacks is crucial to maintaining your reputation, retaining your clients, and avoiding costly downtime due to breaches. This article shares three things you can do today to protect your firm and client data from cyberattacks. Tip #1 – Follow general best practices Each business has unique risks, so while there is not a one-size-fits-all approach, there are general best practices everyone should follow: Use strong, unique passwords or pass phrases with at least 12 characters. Keep all hardware and software updated to protect against malware and ransomware infections. Know how to recognize suspicious links that could be embedded in social media posts, emails, texts, and more. Recognize and report phishing attempts by looking for these signs: Messages that are threatening or urgent with unusual spacing, lousy grammar, and misspellings. An email address that has misspellings (amazun.com or traget.com). Requests for personal information or for you to complete an odd business request. Stay alert for social engineering. Avoid accessing sensitive information on your accounts on unprotected public Wi-Fi. Always back up your data to a device or cloud solution not connected to your network. It is critical that everyone involved in your practice—yes, that means full-time, part-time, and seasonal employees, as well as contractors and vendors—understand cybersecurity risks and their responsibilities in protecting data. After all, you’re only as strong as your weakest link. Educate your staff regularly, and make cybersecurity a staff and client onboarding topic. Intuit ProConnect Tax #1 Cloud-Based Professional Tax Software Tap into Intuit’s world-class cloud ecosystem to boost productivity and simplify your workflow. Get more info Tip #2: Avoid sharing sensitive data through email Although it is a popular communication method, email was never meant to be a secure way to send sensitive information. Dr. Catherine J. Ullman, a senior information security analyst for the University of Buffalo, said: “Although you need credentials to log in and access the e-mail in your mailbox, email is, by default, sent from server to server in clear text that can be read by anyone while in transit.” There are multiple weaknesses hackers can intercept as the email travels from one server to the next. Sometimes hackers gain access to a server, which lets them read every email stored on it. Many documents accountants require for tax returns include sensitive information, such as financial data, income information, and Social Security numbers—none of which should be shared through email in the body of the message or an attachment. Tip #3: Move to the cloud Accounting professionals handle many documents with personal information hackers would love to access. It’s your responsibility to make sure they can’t. When thinking about your tech stack, ensure you partner with security-focused vendors who help you, your staff, and your clients securely work online. Look for ones that have measures like two-factor authentication, encryption at rest and transit, and automatic data backup. If you’re on the fence, moving to the cloud isn’t just for increased security. Intuit’s 2022 Taxpayer Insights & Intelligence Brief makes it very clear: Taxpayers have high expectations around digital, secure workflows. According to the survey, 73% of respondents want a secure place to upload documentation to their tax pro throughout the year, and 86% expect their tax documents and information to be stored with industry-standard security. When it comes to sending documents online, 74% of respondents wish to send their personal, sensitive data via a secure transfer. Put data security first Cybersecurity is complex. Hackers can access your information in many ways, and their technology and techniques are getting stronger every day. But when you educate your staff and clients, and partner with the right vendors—those who put data security first—everyone can rest assured their data is protected. Previous Post Lista de verificación y servicios de planificación de impuestos para… Next Post Protection Plus frees up firm’s staff to work on tax Written by Luke Kiely Luke Kiely is the founder of iComply Online and chief information security officer at SmartVault. His experience includes law enforcement positions where he was instrumental in covertly monitoring and apprehending perpetrators of data-based cybercrimes. In addition, Luke has held several key senior roles overseeing information security, cybersecurity, and data compliance for top SaaS companies. More from Luke Kiely Comments are closed. Browse Related Articles Practice Management 8 elements in your Written Info Security Plan (WISP) Practice Management What is a VPN? (and 4 reasons why every tax professiona… Advisory Services Cybersecurity: A critical opportunity for advisory serv… Tax Law and News Safeguards Rule and cybersecurity leadership Practice Management How to Hire a Cybersecurity Pro for Your Tax Practice Practice Management Awareness of ID theft and cybersecurity precautions for… Client Relationships 4 Tips to Help Your Clients Avoid Tax Season Phishing S… Practice Management How the IRS protects taxpayers from tax-related identit… Client Relationships Securing Client Data From ID Theft in a Tax Practice Webinars Practical Security Checklist: Jan. 14