Written by: Alex

Cyber Security 101: Tips for CPAs during Tax Season

As tax season has arrived, this is yet rewarding for Accountants, but it can also expose their technology vulnerabilities. During this time, cybercriminals prowl attempting to expose small to medium sized Accountant firm data from “phishing” emails, data breaches, and identity theft. Research shows that in 2018, the IRS advised there was a 60% increase in phishing emails seeking to extract firm tax data and money earned during firm tax season.

It is vital to be prepared during tax season and strengthen firm’s technology during this time. Below are critical tips to keep your data safe during this year’s tax season.

#1 Preparation for Tax Season

Many CPA firms only seek to improve their cybersecurity strategies and technology after a data breach, when it is often far too late. It is critical to understand that cybercriminals do not only target large corporations because of this. A cyberattack can strike at any time to any business, regardless of its size. Planning for a potential data breach or cyberattack is not excessive, it’s being realistic.

Below are tips on how to prepare your technology for tax season.

• Ensure your Firewall, anti-virus software, computer(s), server(s), and Tax software are fully updated.
• Review your device passwords, most notably, Wi-Fi and Computer account passwords.
  • Tip: Check your password’s security with this website.
• Conduct an IT network & security audit, identifying any potential threats.
• Create a disaster & recovery plan in case the worst happens.

#2 Educate your Team

As noted previously, cybercriminals are the most active during Tax season.

Below are tips on what topics to educate your firm’s team regarding and what they should be aware of.

• Emails with suspicious links to websites or suspicious attachments.
  • Consult with your IT provider regarding any suspicious websites before visiting them. These links can at worst case scenario, lock down your network and hold your company data for ransom.
• Never provide any personal or financial details in an email or via text message.
  • If your email or phone has been compromised, attackers can gradually build a profile of your personal or business data and commit identity fraud in your name.
• Check the sender’s email address.
  • Sometimes, it may seem that an important customer or client has sent you an email, but it was from an illegitimate email address. Double check the address, not just the display name, to confirm the email is coming from a legit source.
• Do not use a public Wi-Fi connection to submit tax forms.
  • Submit your tax forms through your Business wifi/network.
  • Do not submit your tax forms from a public restaurant, café, etc.

#3 Develop a Disaster & Recovery Plan

At first thought, you may not want to consider the “what-if” moment of a worst-case scenario. However, the following could happen if your firm does experience a data breach.

• Cybercriminals can withhold your data and demand a large ransom payment.
• Revenue needed to send to the IRS could be stolen, resulting in penalties or risk of prosecution if unable to re-fund that revenue.
• Experience the loss of trust of valued customers, per compliance, they would need to be aware.

A disaster & recovery plan should accomplish the following goals:

• A step-by-step guide in the event of a data breach or catastrophic cybersecurity event.
• A list of software used within your business, with alternative programs that can be used in the event of an emergency.
• An immediate data restore plan to prevent disruption to your business in the event of an emergency.

Although cybersecurity should be a year-round concern for your firm, extra precautions should be taken during tax season. Why? It’s statistically proven that cybercriminals are more hungry for data during this financial season.

For consultation regarding any of these crucial topics, please do not hesitate to contact us. We can walk you through every step of the way!