How to Protect Your Accounting Firm from Cyber Attacks This Tax Season

Accounting and finance professionals handle a tremendous amount of client correspondence and paperwork that contains sensitive information. While you might not stuff tax papers into a folder that you leave in your car anymore, many people frequently send items containing personal and financial information over email.

The approaching tax season means the volume of documents exchanged between tax professionals and clients is going to balloon astronomically, making now the perfect time to assess your security features and determine if they’re up to code. Patrick Schreiner, a business cybersecurity risk advisor at one of America’s Big Three Index Fund Managers, offers some guidelines to help you get started.

How do I know if my device’s security features are outdated?

Schreiner says the most accurate measure of a device’s age is whether its features are still supported. One easy way to figure this out is to pay attention to whether the computer or phone is still regularly updating itself. If it’s not, that’s a red flag you shouldn’t ignore.

“Take Microsoft Windows, for example,” he explains. “Over 10% of global Windows computers are running unsupported operating systems. This means no updates to protect [them] from new, malicious attacks like ransomware, viruses, [or] cryptomining [and] no fixes for incompatible software.”

That leaves you facing two big risks. One, viruses and malware change and adapt all the time, hence the need for regular software updates to maintain the same level of security. And two, if you work in a regulated industry, you’re very likely to find yourself staring down the barrel of compliance issues. Such industries also require a mandatory breach notification to be sent to clients, which is the last thing any professional wants no matter what they’re doing. For businesses, the lost reputation and diminished trust can spell ruin.

What can I do to lower cybersecurity risk for my accounting practice?

Schreiner recommends everyone take the following precautions:

1. Take advantage of MFA

Make good security hygiene a semi-regular part of your routine. Update your devices when prompted and do the same for your software programs. Use strong, long, complex passwords in addition to multi-factor authentication (or MFA). “MFA in general is a really easy win for a lot of people if it’s available for things like your email, SaaS products, and financial services. MFA can prevent bad actors from accessing your accounts even if they have your password,” says Schreiner.

2. Check vendor websites

“Vendor websites can help you determine if you need to upgrade or replace your devices, whether you’re concerned about your phone or your computer,” Schreiner says. He adds that there’s no way to judge when your cybersecurity risk has gone up solely based on the age of your device. He also recommends subscribing to vendor newsletters or frequenting security websites. “Many times, large vendors like Microsoft, Apple, Google, etc. warn several months or even years in advance when hardware or software will be going ‘end of life’ – in other words, unsupported.”

3. Don’t discount your own importance in preventing cyber attacks

Cyber attacks frequently start when someone clicks a malicious link in an email or downloads an attachment. Remember the Bangladeshi bank that was infiltrated by hackers and robbed to the tune of $1 billion back in 2016? The attackers were able to get into the bank’s system by sending in resumes for open jobs and including viruses in downloadable files disguised as resumes. While this is an outsized example, it illustrates the point Schreiner wants to emphasize: People – not firewalls and other digital security measures – are always the weakest link.

But there’s good news: “The strongest link is ALSO the person. Reporting a suspicious email to your IT department may alert them to remove it from other colleagues’ inboxes, help update their spam filters, and learn the tactics of attackers.”

So this tax season, don’t ignore the upgrades your computer and software prompt you to make. Even though this is a time-consuming job that can be frustrating and makes you feel like you’re wasting precious minutes that could be spent on a revenue-generating task, think of the possible consequences. Leaving yourself vulnerable opens you to a myriad of more severe issues, such as permanent loss of trust in your firm, untold amounts of profits, and days or weeks to get back online and fix everything.

What technology can help protect my accounting practice from cyber attacks?

Hackers always look for new, more sophisticated ways to access sensitive information. Along with following proven strategies like those above, another powerful way is to use a document management system and client portal that allows you to securely store and share files and data online.

Partnering with security-focused vendors who offer solutions built for your unique needs is crucial. This way, you and your clients can rest assured that robust security measures safeguard your most valuable information.

Over two million people use SmartVault’s document management system and client portal to store and share documents online securely. Schedule a demo today to see how SmartVault can help protect your business and clients’ data.

Blog by: Carrie Stemke