Cybersecurity Protocols: 3 Steps for Tax Season

If you think the middle of tax season “is not the time” to proactively improve your firm’s cyber security protocols, you may be playing right into the hands of cybercriminals who are emboldened to launch attacks when they believe their targets are distracted by other things (such as tax return preparation, for example).

It’s no secret in the accounting profession that data breach attempts and cybersecurity attacks aimed at tax preparers, their clients, and the IRS are increasing in frequency and level of sophistication. Tax season has always been a prime time for cybercriminals to strike, but now the bad actors are multiplying and getting more adept at flying under the radar. This makes it imperative for you to remain constantly vigilant and be proactive in taking all possible steps to defend your firm against attacks that could take it down during tax season.

Handling cybersecurity in accounting is similar to handling cybersecurity in any other business, but there are a few industry-specific points to be aware of, like the proper handling of Personally Identifiable Information (PII). The support team at Swizznet suggests taking the following three steps now to head off potential threats to your accounting firm during this hectic period.

1. Revisit cybersecurity protocols and procedures to ensure they account for remote working.

Once considered by many to be a ‘temporary’ solution that was part of a business continuity plan, remote work is here to stay. A remote workforce – in one form or another – is the way forward for firms, not only because of the Covid-19 pandemic but because of its work-life flexibility benefits. The rise in remote work brings with it a corresponding rise in access to the office through devices and networks that might not be as secure as we’d like. Consequently, cybersecurity threats are also elevated. According to the IBM Security and Ponemon Institute’s 2021 Cost of a Data Breach report, breaches related to remote work cost more and take longer to identify than their in-office counterparts. Accounting firms need to revisit policies and procedures that were developed pre-pandemic to ensure that their protocols for access, onboarding, and training, for example, are adjusted to reflect the new way we work.

If you find your current security measures aren’t where you’d like them to be, take a look at these recommendations for meeting increasingly high cyber insurance coverage requirements. Even if cyber insurance isn’t a part of your cybersecurity framework, these are best practices that any accounting cybersecurity program can benefit from.

2. Join the ranks of those getting smarter about cybersecurity, if you haven’t done so already.

The sophistication of breaches has skyrocketed, elevating the need for AI-enabled tools and intelligence to detect and contain stealth and multi-pronged attacks. Firms that have fallen victim to data breaches know this first-hand. Cybercriminals are no longer content with using ransomware to lock down a network and demand payment. Yes, thieves still want payments to unlock ransomed data. But they also threaten to use the client data they have collected to perpetrate additional crimes unless paid not to do so.

Smarter cyberthieves are not the only reason to brush up on cybersecurity intelligence. The IRS is continually increasing its compliance requirements for securing taxpayer data, so it’s important for your firm to keep up-to-date on the IRS requirements for taxpayer data security.

States are ramping up the implementation of their own privacy laws. Accounting practices need to be able to demonstrate to regulators how they are controlling and enforcing cybersecurity policies while managing in the new remote workforce paradigm.

A silver lining to the pandemic-induced shift to remote work is that more firms now recognize gaps in their ability to protect private information and are taking steps to address them. The news cycle has also helped many realize that a single breach can have downstream effects on the firm’s ecosystem of vendors, clients, and other third parties.

Keep a pulse on what’s happening in the industry, and build a cybersecurity plan to make sure your firm is prepared in advance. Take a look at these five tips from Wes Stillman, CEO of RightSize solutions to get an idea of what cybersecurity for accountants should include.

3. Understand that shifting from a desktop to a laptop mentality has financial, as well as cybersecurity, implications.

If you put off upgrading your tech stack in 2021, do it now (or at least put it on your post-tax season to-do list) to support your new work environment. Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. In the office, firms had firewalls, virtual private networks (VPNs), and protected workstations.

Over the past year or so, firms have discovered that desktop workstations do not travel well. Enter: The laptop mentality and the mobile, remote workforce. The transition to a remote workforce does not just come with new security issues — there are balance sheet implications to consider as well.

The most expensive and most secure technology strategy for remote work is to purchase and own the devices that staff use. At the other end of the cost spectrum for firms is the Bring Your Own Device (BYOD) approach.

Cheaper, yes, but also much less secure. Additionally, staff may resist the required management of non-work-issued devices, which is necessary to secure access to the firm’s business applications.

Virtual desktops are the middle ground in terms of expenses and security, but they have their own drawbacks, such as weak broadband connections that can cripple streaming, video conferencing, and graphics abilities.

Still, enabling staff to access a secure, virtual desktop through devices that have Antivirus (AV), Endpoint Detection and Response (EDR), and Multifactor Authentication (MFA) allows them to be productive while giving the organization stronger cybersecurity protection.

There’s no single right solution for all accounting firms; in fact, it’s not uncommon for some firms to have no cyber security strategy in place or multiple technology strategies for managing their remote workforces. Be sure to assess your options (like the zero trust approach) carefully when determining the best way to manage cybersecurity risks during tax season and beyond.

Take time for a tax season cybersecurity reality check to prevent a busy season business interruption.

Putting these steps in place will help to reduce your firm’s immediate exposure to cyber threats during tax season. However, once your work pace slows down, the critical next step is to do a tax season cybersecurity audit to make sure you have all of your bases covered. This is where the team from Swizznet can provide guidance and break down the components of a solid accounting cybersecurity strategy designed specifically for your firm. They can also help identify gaps in your current strategy which may need your attention.

Remember, the best offense against mounting cyber security threats is a strong offense. At Swizznet, our Obsessive Support™ will ensure your accounting firm has the best possible protection and expertise available to keep your remote teams and practice running as efficiently and securely as possible.

Contact us to begin your journey to security.