Learn the Best Practices for Keeping Client Data Safe
Posted at: November 01, 2021
Professional tax software is designed to be secure. Sensitive customer data is protected behind a private account. Only an authorized user can access the information in the system.
That doesn't mean you don't have to think about security. If an account user's login credentials ever get leaked, your system can be breached. Tax preparation requires the handling of sensitive personal information. Security is paramount in this line of work.
Every tax office manager needs to learn the best practices for keeping customer data safe and secure.
Basic Account Security Practices
Data security begins with you. As the business owner or manager, you have top-level access to the tax software account. You have to ensure that your own account cannot be compromised. Fortunately, you can protect it firmly by using simple security practices. Learn them well.
First, you should create a business email address for yourself. Do not use your personal email address for online and software accounts used for work. If your personal email address should ever get compromised, your office accounts will remain safe. Your clients' secure information will remain protected!
Good password security is paramount. To get the best protection, use a cloud-based password manager with a random password generator. These applications can ensure that your accounts are practically uncrackable. That is, they will take too much work to crack, so hackers will not bother to attack your accounts—they'll look for easier victims instead.
Choosing a Strong Password
The one downside to using a password manager is that you can't afford to forget your master password. These types of programs don't let you easily recover a forgotten one. That shouldn't prevent you from using password managers, but it is an important feature to note.
If you do decide not to use these applications and create your own passwords, you need to make sure they will be difficult to crack. Don't use passwords that are easy to guess. These include strings like “123456” and “qwerty,” commonly used words like “password,” and combinations that use your birth date.
Length is an important factor. Your password should not have fewer than 15 characters. Try to use a combination of characters, including lowercase letters, uppercase letters, numbers, and symbols. You'll also need to create a different password for every account you have. Reusing passwords is a very bad security practice: if one account is ever hacked, then that password can unlock any other account that uses it as well.
Now, it's not easy to memorize a lot of different passwords that use complex combinations of characters. That's what makes using a password manager a good idea. You only need to memorize one password, and the application handles all the rest.
Of course, everyone in the office should be using strong passwords at work. Give your team training on how to use password managers or create uncrackable passwords.
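The password rules in this section can be turned into an automatic check for team training. The following Python sketch is an added example, not part of UltimateTax or any product named here; the function names, the symbol set, and the birth-date formats it looks for are assumptions chosen for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 15  # minimum length given in the article
COMMON = ("123456", "qwerty", "password")  # the article's examples; real deny lists are far longer
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # constructed symbol set for the generator
REQUIRED = (  # character classes the article asks for
    ("lowercase letter", str.islower),
    ("uppercase letter", str.isupper),
    ("number", str.isdigit),
    ("symbol", lambda c: not c.isalnum()),
)


def birth_date_forms(birth_date):
    """Digit strings a 'YYYY-MM-DD' birth date commonly shows up as."""
    y, m, d = birth_date.split("-")
    return {y + m + d, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:]}


def check_password(candidate, birth_date=None, in_use=()):
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    for name, is_member in REQUIRED:
        if not any(is_member(c) for c in candidate):
            problems.append("no " + name)
    if any(word in candidate.lower() for word in COMMON):
        problems.append("contains an easy-to-guess string")
    if birth_date:
        digits = re.sub(r"\D", "", candidate)  # ignore separators such as 07/04/1985
        if any(form in digits for form in birth_date_forms(birth_date)):
            problems.append("contains the birth date")
    if candidate in in_use:
        problems.append("already used on another account")
    return problems


def generate_password(length=20):
    """Draw from the OS CSPRNG and retry until the result passes every check."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

The in_use argument stands in for the reuse check a password manager performs inside its own vault; do not keep a plain-text list of passwords for this purpose.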
Restricting Account Access
The first rule of security is to keep what is valuable under lock and key! In digital terms, that means restricting access to important user accounts. If you're using software that reads and processes customer data, you want to limit its use to a few authorized agents.
Depending on the software, you may be able to designate one or more tiers of user accounts. You can have an administrative account, a top-level account that has full access to the software and all its data. You definitely want to limit the people who can enjoy administrative privileges! Perhaps you could limit it to yourself… and possibly high-level IT personnel.
You can use office management software to create and modify user accounts of various types. ProClient is office management software that lets you customize permissions for each type of user account. You can also use ProClient to aid you with secure document management.
Beware of Phishing Scams and Malware!
One of the most common vectors for attacks is phishing in email messages. Phishing refers to deceptive schemes used to get people to reveal sensitive info or download malicious software into their computer.
A typical phishing attempt involves sending a fake email message that appears to be sent from a reputable source, such as a bank, credit card company, tech company (like Microsoft), online store (like Amazon), or web platform (like Facebook). The message contains a link that leads to a false website, which may attempt to install malware on the user's device. In other cases, the false website asks the user to enter information, which could include passwords and other sensitive data.
The best protection against phishing is to spread awareness of the danger. Train yourself and your employees to use secure practices to avoid scams and malware. People should examine email messages carefully and take caution when clicking on links and opening attachments. They should be especially wary of special offers and scary warning messages.
Malware infection can be very costly. A ransomware attack may hold your data hostage until you pay the hackers to release it. A few seminars on digital security practices can save you the expense of dealing with a hacking attack.
Designing a Written Information Security Program
Does your organization have a data security plan? You definitely should have one. Several US states have laws requiring certain businesses to maintain a Written Information Security Plan, or WISP.
Tax preparation requires customers to give you personal information so that you can perform the service. That means tax preparation offices count among the businesses that would be required to use a WISP. In any case, it is a good security practice to have a data protection plan for your office. A WISP can also help limit your liability in the event of a breach.
Crafting a WISP often starts with a cyber security assessment of your policies and procedures. The evaluation can identify risks and vulnerabilities within your system. With that knowledge, your team can be prepared to guard against potential exploits.
You should speak to a lawyer as well as a security expert when drafting the language of the WISP. The plan should set down policies for the acceptance, transfer, and storage of digital information. It should also define the responsibilities of team members surrounding their access to private data, and detail penalties for irresponsible practices. And it should provide guidelines for a response to a data security breach if it were to occur.
Data Protection Systems and Tools for Your Office
You should seriously consider installing cyber security software on your office computers. If you have a small operation with only a few devices, then you might be able to rely on their built-in security applications. Even then, you might want to set up an Internet firewall and subscribe to an anti-malware service.
If you are planning to hire an IT person, delegate to them the responsibility of setting up your office's data security systems. Let the IT team or person handle cyber security and listen to their recommendations.
Here's a list of the tools and systems you might want to get:
- Cyber security software with firewall - You can find programs that specialize in protecting devices against cyber security threats. Anti-virus and anti-malware software is provided in combination with other security tools.
- Cloud storage accounts - To keep client data safe and secure, upload their digital documents to a cloud storage service. That provides you with backups in case the customer files get lost or corrupted.
- Biometric scanners - If you are very security conscious, you may want to install fingerprint scanners on your devices. That will lock out anyone but the persons who are authorized to use them.
- Virtual Private Network - Subscribing to a VPN does a lot to protect private data. The service can automatically encrypt online communications that pass through the VPN. (Don't call it a “VPN network,” that's redundant!) This prevents the data from being intercepted by an unauthorized party—and even the ISP!
Using Professional Tax Software
Given that the IRS facilitates the submission of income tax returns through electronic means, you have no good reason to do otherwise. It offers a more speedy and secure method of filing tax returns, compared to using “snail mail.”
Tax return e-filing is a feature offered by every brand of professional tax preparation software. If you are going to be e-filing a lot of tax forms, it makes sense to use software to handle both tax return processing and sending.
Professional tax software requires an account subscription to use. All data entered into the software is secured behind an account. Unauthorized users will not be able to access this data. So the use of tax software can be viewed as part of your office's data security program.
What tax preparation software should you get? You will find that there are many options on the market that are specifically designed for tax professionals. They include all the features you need to run a tax preparation business.
To be frank, you won't find too many differences between brands of professional tax software. Some brands are more prestigious. Some subscriptions offer a few additional features. But you'll find that the essential functions are pretty much the same. That makes it easy for a tax preparer to go with the option they find most affordable.
UltimateTax is one of the most affordable professional tax software brands you can find. It offers top-notch functionality and excellent ease of use. It is also supported by a responsive and knowledgeable customer service team.
Try UltimateTax software today! Get started with a free demo to see what it can do!
UltimateTax Service, Inc. is a professional tax software provider. We provide this information as a service to our clients and friends. The information we post is for your viewing and knowledge pleasure. We take all information we post seriously and stand behind what we post. However, information we post is not meant to be used as your sole position in tax cases.