Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Cyber Risks: Tax Season Means Extra Vigilance in Keeping Client Data Safe


Cyber Risks Tax Season Means Extra Vigilance in Keeping Client Data SafeIt’s that time of year when accountants and tax preparers are busy preparing client tax returns for 2015. It’s also when a plethora of information is being shared between clients and accountants via email, Google Docs, Dropbox and other information-sharing platforms. This information includes Social Security numbers, financial statements and IRS forms, putting both accountants and their clients at risk for cyber crimes.

Emailing information may seem like the most efficient and easiest way of sharing information but it’s just not safe. When you or your clients send an e-mail, it travels over many different servers before the message reaches its intended recipient. At any point during this travel an e-mail message can be intercepted. Another potential problem area involves the lack of control one has with email. A tax preparer or accountant can’t “unsend” a message once they click send. Therefore, if a form or document containing personal information for one client is accidently sent to another client, there is nothing that can be done to pull the message back. With e-mail it is also impossible to control the forwarding of information or the possibility of something being printed.

Some preparers may choose to use a free service like Dropbox or Google Docs in lieu of email, believing that these tools offer more security. However, these services and others come with their own set of security and control problems and are often complex to use. Cloud-based file sharing and synchronization services like Dropbox, Google Drive and OneDrive are prone to leaving messages vulnerable to a “man-in-the-cloud” attack. This occurs when you sync and share files on different devises, such as a desktop, laptop and mobile phone. To do this channels must be opened (logged in at the same time) for the synchronization to take place, leaving you exposed to files being hacked.

What can accountants and tax preparers do to minimize exposures to cyber attacks. Following are some measures to take, courtesy of Accounting Today.

  • Don’t compromise ease of use for security and vice versa. Be sure you fully understand the solutions you are using to share secure files. Do this by performing the proper due diligence on providers; understanding the details in the vendor agreements with which you are working; and telling your clients if you’re moving to a cloud service.
  • Opt for individual item encryption, which assigns a unique key for each data object (document or message) rather than bulk encryption. If a cyber criminal successfully uncovers the key, it is for just one item, not hundreds, thousands or even millions of files. Moreover, two-factor authentication is an additional recommended security measure when dealing with confidential financial information. Two-factor authentication requires the use of a password and a second form of security to verify a user is who they say they are. The most common method for second factor authentication is the use of a code that is sent either via text or e-mail to the person signing in. The recipient must enter the code to gain access to their account. When using two-factor authentication, if someone hacks a password but doesn’t have the code, they can’t access the information.
  • Avoid installing software. If you need to install software to use a system, that means your clients will have to do the same. Many people are just not comfortable installing software on their computers, no matter how simple the installation process; therefore, Web-based rather than application-based solutions are much more appealing to most. Web-based secure file transfer systems allow people to connect and share files from any device at any time over the Internet, regardless of what device they are on or their location.

Be sure you also have the right insurance coverage in place should your client data be compromised. A Cyber Liability policy can be designed to provide coverage for legal, technical or forensic investigations of a possible breach or attack; the cost of remediating the damage from the breach or attack; business interruption insurance; payments to extortionists threatening to expose sensitive information; and data loss restoration due to a cyber attack. There is also what’s known as “third-party insurance”, which covers your clients, and perhaps others with whom you do business, if your files including their data is breached or attacked. Policies vary widely, but third-party coverage may cover the costs associated with potential consequences or requirements such as responses to civil lawsuits; preparation of responses to governmental inquiries; payment of any related government fines and penalties; notification of clients and other victims; public relations expenses associated with a cyber crisis; and credit monitoring services for clients.

Axis Insurance Services specialize in Cyber insurance for accountants, CPA firms, tax preparers and auditors. We can review the types of policies available and discuss what is right for you. Just give us a call at (877) 787-5258.

Comments

comments

Blogged on: February 24, 2016 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions