Why security measures are critical for tax pros

In the tax and accounting profession, your clients entrust and provide you with highly sensitive data in order for you to deliver on their needs. Due to the sensitive nature of this data, security needs to be top of mind at all times, and having the appropriate plans, processes, and tools in place to ensure security of this data is critical for both your clients and for your firm.

Invest in the right products and services

Every firm is different when it comes to how they acquire, access, store, or share data. Given the importance of security of your clients’ and firm’s data, it is important for you to deeply understand the procedures and practices that are in place for the solutions you choose to use to provide your clients with the services they need. When considering a new solution, there are a number of questions you should ask to ensure data security. What capabilities are in place to help prevent fraudulent access? Does the vendor provide multi-factor authentication? Where is the data stored? How is the data encrypted? Who has access to the data?

Beyond what solution providers enforce to ensure data security, you also need to review your internal processes. What policies do you have in place regarding passwords in your office? Who has access to your clients’ or firm’s data, and who doesn’t? How are you protecting your office network from potential external intrusion? How do you ensure security of non-digital information?

The security processes and procedures within your firm are only as good as the weakest link in the chain. Over the past few years, we have seen cybercriminals increase targeting of individual firms, where the level of protection may not be as strong as it is within large companies that constantly monitor, review, and update their processes and procedures. In short, data security is not something that is simply solved by the policies in your office or by your vendors. Data security requires solution providers, as well as the individual firms, to have the right tools in place to fend off those intending to profit from the use of stolen data.

Security of data is your #1 concern

Data security is not a new concern to the tax and accounting profession. As noted above, your clients come to you with very personal, private, and sensitive information that can make or break their success as individuals and/or business owners. It’s up to those of us in the tax and accounting profession to make sure their data is protected first and foremost, and then continue working on advising and growing their business. There are a number of regulations, publications, IRS code sections, and more that help inform and guide the actions the professional must take in order to remain compliant.

Failure to meet some of these obligations can result in significant pain for your customers and lead to FTC investigations of the firm itself. It is the responsibility of the professional to stay current on the requirements and rules in this regard. There are a number of resources available to help you better understand these obligations, and it is imperative that you are not only familiar with these obligations, but that you put clear action plans in place to ensure you are adequately following them. Intuit’s privacy and security portal and the AICPA have a wealth of information in this regard, and this article in particular provides a good summary of the regulations, along with templates you can use to ensure you have the right controls in place.

In summary, as you work to better deliver on the needs of your clients and your firm, data security is a key factor that must be considered when you evaluate products, and the processes and policies you put in place are just as important. While the larger software providers have mechanisms in place to protect your client and firm data, software providers cannot solve these problems alone.

You must have a solid plan of action, clear policies within your office, and adequate disclosures to your clients. Much like in the physical world, where thieves and other bad actors are looking for the easiest path, cybercriminals are constantly looking for the next easy target. So, turn on your outside lights, keep your bushes well trimmed, and install a security system. While these are obviously well known tips for protecting your home from a burglar, in the digital world we live in today, the best way to avoid a breach is to put the right controls and policies in place.

Editor’s note: This article was originally published by the CPA Practice Advisor.

Comments are closed.