How Accountants Can Protect Client Data From Cyber Crime
Each day hackers quietly go about their business stealing personal information. Data breaches. Email phishing scams. Ransomware attacks. Their tactics constantly evolve to capitalize on lapses in security. As an accountant or CPA, your clients entrust you with some of their most sensitive personal information. If you’re not taking steps to safeguard their personal data, then you’re doing them a disservice.
The risk of cyber-crime grows every day. In fact, a 2017 survey found that more than half of small- and medium-sized businesses had experienced a cyber-attack or data breach in the previous 12 months. These attacks come with a very real cost. Victims reported that attacks cost more than $2 million, on average, in damages, theft, disruption to operations, and lost business. And if that’s not enough to get your attention, consider that you may be legally liable under federal law if you’re not taking appropriate precautions to protect client information.
Tips for Safeguarding Client Information
While it’s impossible to completely prevent data breaches, the following proactive steps can help protect your accounting firm – and your clients – from hackers:
- Create a security plan. Your plan should establish security requirements for accessing and using client data, including computer systems and paper records. Establish a process for regular review of your plan to make sure it addresses the latest risks. Hackers are continually updating their methods and becoming more sophisticated, so your security plan from last year is probably already outdated.
- Ensure your systems are secure. All sensitive data should be stored on secure servers and backed up regularly. Access to this data should only be granted on a need-to-know basis. In addition, all data sent via email or transmitted over your network should be encrypted. Simple steps like installing software updates and keeping your virus protection up-to-date can also go a long way towards protecting your data.
- Have – and enforce – a password policy. Passwords remain an essential way to protect your organization. Mandate strong passwords, require that they be updated periodically, and prohibit the sharing of passwords. While many companies have these kinds of policies, they fail to enforce them. Don’t make that mistake.
- Train your employees. Human error is at the root of almost half of cyber-attacks. Regularly train your staff, so they understand the risks, the tactics hackers use (such as sending infected attachments and links via email), and any changes to your security policies. This will help ensure compliance and mitigate the risk of staff mistakes.
- Have a data breach response plan. Your plan should detail the steps you will take should a breach occur, including contacting law enforcement, notifying your clients, and any other notifications required by state and federal law.
- Ask for help. IT consultants and security consulting firms specialize in cybersecurity, so you don’t have to. As hackers become more adept, it’s harder and harder for businesses to keep up. Working with professionals to protect yourself is worth the investment if it saves you the hit your resources – and your reputation – will take should a breach occur.
Cyber-crime represents a very real threat to your business. Whether you are a large firm or a one-person business, taking steps to secure your data and protect your clients’ personal information is critical for your business. If you’re not sure you’re doing enough, Applied Network Solutions can assist. We understand the constantly shifting threats your company faces and offer the most current cybersecurity solutions available. Contact us to learn how we’ve helped other accountants and CPAs keep their clients – and their businesses – safe and secure.