Why Tax Professionals Need To Be Aware Of Cybersecurity
Let’s say you are a successful business owner, EA, or CPA and are emailing out a tax return PDF before heading home for the day. Suddenly, the file does not send, your email stops working, and none of your files will open. Your business is now dead in the water. Your IT professional says you have been hit by a ransomware attack, and it is too late to stop it. The cybercriminals behind the attack are demanding an exorbitant fee to return everything to normal. Eventually, they cash in on all your clients one at a time, forcing you to call every client to explain that their personal information has been stolen.
As Benjamin Franklin said, “An ounce of prevention is worth more than a pound of cure,” so fully understanding why cybersecurity is a requirement for all tax professionals is critical. Information theft can happen to you!
As technology continues to improve, cybercriminals are adapting, evolving, and specializing in infiltrating devices and exploiting the stored information. These criminals have also refined whom they target and how to extract the most information, data, or money. Hackers avoid detection with methods similar to those of the bank robbers of the past, who often disguised themselves as personnel, delivery people, and telegram messengers. Today, cybercriminals have a variety of disguises to trick unsuspecting users.
In the past, the IRS was a primary target of con artists who would submit fake earned income credit returns. Once the IRS caught on and changed the law, fraudsters adapted to the increased barriers. They now pose as IRS agents and send emails to tax professionals, luring them to open malware-ridden documents that could expose all stored financial accounts and documents on their computer. Larger accounting firms may have thousands of stored accounts or more.
Tax Professionals Offer a Target-Rich Population
In 2018, the IRS reported that there were over three-quarters of a million tax preparers in the United States who file 79.3 million of the 152.6 million federal income tax returns. With so many returns, there are endless opportunities for cybercriminals to access information through tax professionals with weak cybersecurity. The IRS has taken multiple steps to strengthen its defenses, including authentication before issuing refunds. As a result, cybercriminals must capture more detailed sensitive information about clients, which they can access through human resources, accounting systems, and other areas that hold financial data.
How to Safeguard User Data
Luckily, tax professionals and their sensitive client information are not left out for the taking. There are numerous steps toward safeguarding user data, including:
Creating Strong Passwords
Passwords must be a minimum of characters using a combination of numbers, letters, and symbols. Passwords should never be reused and must always be stored in a secure location like a password manager.
Ensuring a Secure Wireless Network
To better secure the wireless network, the default admin password of the wireless router must be changed to a unique string of characters, the wireless range should be set to the office, and the router information must never contain personal information. Furthermore, use WPA-2 security with the Advanced Encryption Standard and never access business documents or email using public Wi-Fi.
Protecting Stored Client Data
To protect stored client data, make sure to back up encrypted files to the cloud or external hard drives, avoid installing unnecessary applications or software on the network, steer clear of free software downloads, and conduct an inventory of all devices that store client data. To follow best practices, you should disable internet access for devices holding stored taxpayer data and wipe all devices and electronic storage media before disposal.
Maintaining a high level of vigilance goes a long way to further protect your systems. This includes spotting data theft, recognizing and guarding against phishing emails and scams, monitoring online activity, and safely browsing the internet, making sure not to access risky sites that can easily be identified by security software.
Using Security Software
Using security software will help eliminate most of these threats. This includes anti-virus and anti-spyware software, as well as drive encryption and firewalls. You do not need to purchase these separately as most security software companies offer a suite that includes each of these options.
Reporting Data Loss to the Government
In the event of a breach in client files, it is critical for you to first contact the IRS, then the recommended law enforcement agency (Secret Service, FBI, etc.), and local police. It is also important to contact the states where you prepare returns to understand how to report the issue and whom to report it to. Additionally, contact IT security experts who can investigate the root cause of the issue and your insurance company to determine the financial loss.