The “Security Six”
Given the sensitive and valuable private data they deal with, accountants need to make sure their cybersecurity is up to standard. But just what is the standard? The IRS has developed the “Taxes-Security-Together” checklist to show firms like yours exactly what steps they need to take to protect their clients’ data.
Both in the private and professional fields, cybersecurity is more important than ever – and for your accounting firm especially.
The fact is that the cybercrime business has never been bigger – it’s estimated that the global cybercrime industry will cause up to $6 trillion in damages in just a few years. It remains such a lucrative business because targets – like your accounting firm – keep failing to learn how cybercriminals operate, and how to protect against it.
The IRS wants to help – they’ve developed the “Taxes-Security-Together” checklist, which details the six fundamental parts of an effective cybersecurity posture.
“These six steps are simple actions that anyone can take,” said IRS Commissioner Chuck Rettig in a press release. “The important thing to remember is that every tax professional, whether a sole practitioner or a partner in a large firm, is a potential target for cybercriminals. No tax business should assume they are too small or too smart to avoid identity thieves.”
What Are The Security Six?
1. Anti-virus Software
Antivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation. The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software.
Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected.
If a user encounters a threat, the antivirus software detects the threat and blocks it using a string of text – an algorithm – that recognizes it as a known virus. The virus file tries to take one action or sequence of actions, known to the antivirus software, and the algorithm recognizes this behavior and prompts the user to take action against suspicious behavior.
Your firewall is your first line of defense for keeping your information safe.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
A firewall inspects and filters incoming and outgoing data in the following ways:
- With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
- Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
- By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
- With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
- Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.
3. Two-Factor Authentication
Two-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior.
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to make sure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
There are three categories of information that can be used in this process:
- Something you have: Includes a mobile phone, app, or generated code
- Something you know: A family member’s name, city of birth, pin, or phrase
- Something you are: Includes fingerprints and facial recognition
So what are the benefits of a Two-Factor Authentication solution?
- Bring Your Own Device: In today’s modern business world, more and more employees prefer to do at least some of their work through their mobile devices, which can present a serious security risk. However, with an MFA solution, you can enroll new employee devices in minutes, given that there’s no need to install an endpoint agent.
- Convenient Flexibility: A Two-Factor Authentication solution won’t force you to apply the same security policies to every user in the company. Instead, you are given the capability to specify policies person by person or group by group.
4. Data Backup
Do you have a data backup policy in place?
If not, then you’re vulnerable, right now, to ransomware.
Ransomware has quickly become one of the biggest cyber threats to businesses today – remember the Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries?
That was ransomware, and it could happen to you too. Unless that is, you get a data backup solution put in place.
If you have you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted. It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”. In this case, there is a need for updated encryption software to ensure that private information is only accessible through the database program.
Encryption technology is a great way to protect important data. By making data unreadable to anyone who isn’t supposed to have access to it, you can secure files stored on your systems, servers, and mobile devices, as well as files sent via email or through file-sharing services.
6. Virtual Private Network
One of the most proven techniques to make sure your data is safe is to use a virtual private network (VPN), which will give you back control over how you’re identified online. A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers.
When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet through what’s called an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.
That makes it harder for an attacker to identify you as the source of the data – no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee. Even if attackers can intercept your data, the encryption means the attackers can’t understand your data or use it to their advantage.
When you put your data out to the VPN server, it exits back out to the public internet. If the site you’re visiting has HTTPS to keep the connection safe, you are still secure.
There you have it – the six must-have technologies for accounting firms. Now that you know what you need, you won’t have a problem researching, purchasing, installing and maintaining these solutions, right?
… well, maybe. It’s understandable if you don’t think you have the time or knowledge to handle this on your own. That’s why you can get an IT company to do it for you. They’ll take care of it, so you can know you’re secure and focus on your work.
Like this article? Check out the following blogs to learn more: