Why Security Measures Are Critical for Tax Pros
Every firm is different when it comes to how they acquire, access, store or share data. Given the importance of security of your client’s and your firm’s data, it is important for you to deeply understand the procedures and practices that are in place...
Mar. 24, 2022
By Jorge Olavarrieta.
In the tax and accounting profession, your clients entrust you and provide you with highly sensitive data in order for you to deliver on their needs. Due to the sensitive nature of this data, security needs to be top of mind at all times, and having the appropriate plans, processes, and tools in place to ensure security of this data is critical for both your clients and for your firm.
Invest in the Right Products and Services
Every firm is different when it comes to how they acquire, access, store, or share data.Given the importance of security of your client’s and your firm’s data, it is important for you to deeply understand the procedures and practices that are in place for the solutions you choose to use to provide your clients with the services they need. When considering a new solution, there are a number of questions you should ask to ensure data security. What capabilities are in place to help prevent fraudulent access? Does the vendor provide multi-factor authentication? Where is the data stored? How is the data encrypted? Who has access to the data?
Beyond what solution providers enforce to ensure data security, you also need to review your internal processes. What policies do you have in place regarding passwords in your office? Who has access to your client’s or firm’s data, and who doesn’t? How are you protecting your office network from potential external intrusion? How do you ensure security of non-digital information?
The security processes and procedures within your firm are only as good as the weakest link in the chain. Over the past few years, we have seen cybercriminals increase targeting of individual firms, where the level of protection may not be as strong as it is within large companies who constantly monitor, review, and update their processes and procedures. In short, data security is not something that is simply solved by the policies in your office or that of the vendors with whom you partner. Data security requires both solution providers as well as the individual firms to have the right tools in place to fend off those intending to profit from the use of stolen data.
Security of Data as Your #1 Concern
Data security is not a new concern to the tax and accounting profession. As noted above, your clients come to you with very personal, private, and sensitive information that can make or break their success as individuals and/or business owners. It’s up to those of us in the accounting profession to make sure their data is protected first and foremost, and then continue working on advising and growing their business. There are a number of regulations, publications, IRS code sections, and more that help inform and guide the actions the professional must take in order to remain compliant.
Failure to meet some of these obligations can not only result in significant pain for your customers, but can also lead to FTC investigations of the firm itself. It is the responsibility of the professional to stay current on the requirements and rules in this regard. There are a number of resources available to help you better understand these obligations, and it is imperative that you are not only familiar with these obligations, but that you put clear action plans in place to ensure you are adequately following them. Intuit’s privacy and security portal and the AICPA have a wealth of information in this regard, and this article in particular provides a good summary of the regulations along with templates you can use to ensure you have the right controls in place.
In summary, as you work to better deliver on the needs of your clients and of your firm, data security is a key factor that must be considered when you evaluate products, and the processes and policies you put in place are just as important. While the larger software providers have mechanisms in place to protect your client and firm data, software providers cannot solve these problems alone.
You must have a solid plan of action, clear policies within your office, and adequate disclosures to your clients. Much like in the physical world, where thieves and other bad actors are looking for the easiest path, cybercriminals are constantly looking for the next easy target. So turn on your outside lights, keep your bushes well-trimmed, and install a security system. While these are obviously well known tips for protecting your home from a burglar, in the digital world we live in today the best way to avoid a breach is to put the right controls and policies in place.
======
Jorge Olavarrieta is VP of Product Management and Design at Intuit.