On March 27th, the IRS issued guidance on the increasing dangers of cybercrime and the importance of data security for every tax professional. According to the IRS website, "tax professionals are the prime targets for identity thieves, and data breaches continue to affect tax professionals at an alarming rate." While we need to catch cyber criminals and bring them to justice, we also need to be proactive and develop sound defense strategies.
According to an IRS statement, “The Federal Trade Commission requires all financial institutions (yes, tax return preparers are included in the definition of financial institutions) to have a data security plan.” If being legally obligated to do this isn't enough, the effects of data breaches — which include system downtime, loss of goodwill, and client churn — can be crippling. Clearly, the potential damage of a breach warrants enough concern for every firm to take action.
In an interview, former Homeland Security Chief Jeh Johnson said the third highest concern for firms should be “impressing upon the leadership team that cybersecurity has got to be a core priority of the business. Just like the protection of your physical infrastructure, it’s not just simply an information security concern that you pass off to your chief information officer. It is a core part of the business.” Having a plan for cyberattacks puts your firm in the best position possible to mitigate the impact if one transpires.
If you’re rolling out security practices for the first time or are doing a major overhaul of existing ones, turn to the experts. They'll personalize the security plan to your business needs and help you protect firm and client data. Johnson noted in his interview, “Get a team of cyber experts and a sufficient level of cyber capability that can provide some sophisticated level of defense.” Make this team responsible for encryption and backups, which enable your firm to render stolen data useless if it falls into the wrong hands. Keep network administration rights in the hands of this team and task them with setting up anti-malware and firewall software.
Wondering how to find the right cybersecurity professional? Here are some tips:
- Get a referral. There's no better way to find a good match than talking to other tax professionals and business owners. If someone's had a good experience, ask him or her for contact information.
- Be selective. Data protection isn't brain surgery or rocket science, but there's a lot at stake. Put forth whatever resources it takes to hire someone you trust — it's worth it. Look for a qualified candidate who makes you feel comfortable discussing the security of your business and clients.
- Treat it like the job interview it is. Give the interview process the attention your clients deserve. Ask candidates about their level of experience in protecting data systems and developing security plans for similar sized businesses. Inquire about options for backing up data and the scope of monitoring for current and emerging security threats.
- Put it in writing. When you’ve found the right fit, secure an agreement or engagement letter that details the terms of service. Congratulations! You’re one step closer to better security.
This time of year, accounting firms are at increased risk of being targeted by cyber criminals. Don’t let your security protocols slack; use this as an opportunity to make your security measures stronger than ever. Trust the experts to build a comprehensive security strategy that’s tailored to your firm. By properly storing and safeguarding data, you’ll comply with your regulatory responsibilities. “Remember, protecting taxpayer information is not only good for your clients and your business - it’s the law.”
AbacusNext can help you protect your client data while maximizing your firm’s productivity. Learn more about Abacus Private Cloud, the only fully-managed cloud-enablement solution designed for accounting professionals.