Hey accountants, how are you protecting client data from cybercrime?
Cybersecurity planning for accountants isn’t optional anymore; it’s essential. That is exactly why the FTC has enforced the Safeguards Rule and requires every PTIN holder to have a WISP (Written Information Security Plan), in which you define in detail what your security plan and protocol entail.
With so much life and business communication happening digitally, accountants have a new role. You may not have realized that you signed up for this. However, when you take on a customer’s trust, you are also responsible for guarding your client’s personal and corporate data.
You have what cybercriminals want – social security numbers, banking details, and tax returns – and it’s your job to do everything you can to make sure they never find it by setting up multiple layers of protection.
Regardless of the size of the business, accountants should all understand these cybersecurity planning best practices, so that you can protect your reputation and stay compliant with the FTC and IRS.
Why are cyberattacks aimed at accountants?
Cybercriminals know that accountants’ inboxes, laptops, and desks are full of private data, and they know that this information is often underprotected. Cyberattacks such as ransomware, phishing scams, and data theft increase especially during tax season, when accountants are focused on deadlines and client work.
Some common easy access points for cyber attackers are:
- Outdated systems or software
- Weak passwords
- Unsecured Wi-Fi
- Unprotected file sharing
- Missing employee training
Since most accounting firms, especially small or midsize ones, don’t have in-house IT staff, cyberattackers see these businesses as easy targets.
Accountant cybersecurity best practices
You can reduce your risk and help your clients’ data stay protected by keeping security top of mind. Here are some accountant cybersecurity best practices:
1. Know how to create a strong, unique password
Consider this your first line of defense. Avoid using the same password for more than one platform, and use 15 characters with a unique mix of letters, numbers and symbols. A password manager is a great way to keep all of your credentials safe and in one spot.
2. Enable multi-factor authentication (MFA)
Passwords are your first line of defense, but if an attacker breaks through, MFA is an added layer of protection. A code sent to your phone or created by an app is one more layer of security that cybercriminals have to get through in order to gain unauthorized access.
3. Communicate with clients using encryption
After your first and second lines of defense, if an attacker is able to get hold of email communication, encryption is what keeps them from unlocking it. Email is insecure, and you should never send a client’s private data through unencrypted email. Instead, use secure encrypted email software or client portals to protect confidential information.
4. Update your software and systems regularly
There is a reason that updating your IRS WISP annually is a compliance requirement. These updates keep cybersecurity top of mind. Make sure your operating system, software, and antivirus tools are always up to date. You can also set your updates to install automatically, so you don’t miss them. When you use WISP Builder to create your security plan, it will also remind you annually to make these updates.
5. Train your team on cybersecurity
Your cybersecurity plan is only as good as the people who put it into action. This is why it’s required to train your staff (even if it’s just you) on your WISP. Best practice means training your staff to avoid suspicious links, notice phishing emails, and handle data safely.
How to build an IRS WISP using WISP Builder
Having a Written Information Security Plan, or WISP, helps you define what measures your firm is taking, or how many layers of protection you have to help deter a cyberattack.
Tools like WISP Builder make creating a WISP easier, help you to stay on top of annual updates and stay compliant. The WISP Builder tool walks you through the creation of your security plan step by step, so you can feel ready if the FTC or IRS were to come knocking.
Updates are easy to make in WISP Builder with built-in reminders and easy editing tools – so you can get back to serving your clients faster.
Cyber threats aren’t slowing down, so be prepared.
Cyberattacks are only increasing, and these threats are changing all the time. By following these cybersecurity best practices for accountants, creating a WISP, and staying on top of training and updates, you significantly reduce your risks.
Start adding multiple layers to your security plan today. The first step is to get your WISP in place at WISPbuilder.com.