Along with tax season comes an increase in taxpayer data theft and associated fraud. So, the IRS has issued Publication 4557 to help tax preparation professionals safeguard the data that has been entrusted to them.
Last week, we looked at the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) and why tax preparers need a written data security plan. This week, we’ll look at some other practical steps that you can take to protect your customers’ data against theft and fraud.
Good security practice starts on the workstations that you and your employees use for work. Install antivirus software and keep it up to date. And when your computer asks you to reboot to install updates, do it! These updates contain security fixes that keep your computer and your data secure. Many recent high-profile data breaches were caused by out-of-date software, so updates will help you to stay one step ahead of hackers and viruses.
Both Windows and macOS have built-in firewalls as well, so make sure they’re turned on. A firewall can help keep malicious software from getting a foothold on your network and spreading to other machines.
And be sure to use disk encryption, especially if you use laptops. On Windows, there’s BitLocker, while macOS has FileVault. If your computer is stolen, disk encryption will keep others from reading the data stored on your hard drive, so it doesn’t fall into the wrong hands.
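The workstation checks above (firewall, disk encryption, antivirus, pending updates) can be verified on a Windows machine with a short read-only script. This is an added example, not part of Publication 4557 or the original post; it assumes Microsoft Defender is the antivirus in use, and the three-day signature age limit is an illustrative threshold.

```powershell
# Added example: read-only audit of the workstation controls discussed above.
# Run from an elevated PowerShell prompt; nothing on the machine is changed.
# Assumptions: Microsoft Defender is the antivirus; the 3-day limit is illustrative.
$MaxSignatureAgeDays = 3
$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Check, $Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail })
}

# Firewall: every profile (Domain, Private, Public) should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    Add-Result "Firewall ($($p.Name))" ("$($p.Enabled)" -eq 'True') "Enabled=$($p.Enabled)"
}

# Disk encryption: the system drive should be fully encrypted with protection on.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $ok  = ($vol.VolumeStatus -eq 'FullyEncrypted') -and ($vol.ProtectionStatus -eq 'On')
    Add-Result 'BitLocker (system drive)' $ok "Status=$($vol.VolumeStatus), Protection=$($vol.ProtectionStatus)"
} catch {
    Add-Result 'BitLocker (system drive)' $false "Could not query: $($_.Exception.Message)"
}

# Antivirus: real-time protection on and signatures recently updated.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $rt = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    Add-Result 'Antivirus real-time protection' $rt "RealTime=$($mp.RealTimeProtectionEnabled)"
    $fresh = $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays
    Add-Result 'Antivirus signatures current' $fresh "Age=$($mp.AntivirusSignatureAge) day(s)"
} catch {
    Add-Result 'Antivirus status' $false "Could not query: $($_.Exception.Message)"
}

# Updates: this registry key exists while Windows Update is waiting for a reboot.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$pending = Test-Path $rebootKey
Add-Result 'No update reboot pending' (-not $pending) "RebootRequired key present=$pending"

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more workstation checks failed; review the table above.'
}
```

On macOS, the equivalent FileVault check is `fdesetup status` in Terminal.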
If you use Wi-Fi in your business, make sure that it’s properly secured. It should have a strong password with WPA2 encryption enabled. Anything older, such as WPA or WEP, is too insecure for serious use. Additionally, if you allow clients to connect to your network, have a separate guest network set up for their use, which doesn’t allow access to your data and files.
Any devices you use on your network should also be secured. This includes your router, access points, modem, and printers. Don’t leave these set to their default passwords — change them to something strong and hard to guess.
With so many passwords to remember, many people fall into two dangerous password habits: using weak, easy-to-guess passwords, and re-using the same password on different sites. In a common scenario, a low-security site has its password database stolen. Then, those usernames, emails, and passwords are tried on many other sites, such as email or banking sites. In many cases, this gives hackers exactly what they’re looking for.
Using a good password manager can solve both of these problems. You just need to remember one strong password, and then the password manager will automatically create and store strong, unique passwords for all the sites you use. This is even more important if you’re using cloud suites like Office 365 or QuickBooks Online. Keeping these passwords secure means keeping your client data secure.
Ultimately, all of these steps are designed to protect the data that your clients are trusting you to protect. So, it’s important to make sure that the data itself is physically protected as well.
Keep an inventory of any devices or locations where you are storing taxpayer data. This could include external drives, backups on CD or tape, laptops, desktops, and cloud services. Make sure that these are both physically secure (i.e., locked up) and digitally secure (encrypted).
Additionally, backups are an important part of data protection. If the devices storing your data were destroyed due to fire, flood, or a malware infection, how would you recover that data? If you back up to physical media, store it somewhere offsite but secure, like a safe at your house. Or, many companies offer cloud backup solutions. But be sure to choose a trusted provider and encrypt your backups before uploading them.
Implementing these technical controls can be a challenge, especially for small businesses. Partnering with a managed IT service provider like E-N Computers can help you keep your data protected and your business compliant. If you’d like to find out more about our managed IT services, contact us today for a free quote.