If you think the middle of tax season “is not the time” to proactively improve your firm’s cyber security protocols, you may be playing right into the hands of cybercriminals who are emboldened to launch attacks when they believe their targets are distracted by other things (such as tax return preparation, as one example).
It’s no secret in the accounting profession that data breach attempts and cybersecurity attacks aimed at tax preparers, their clients, and the IRS are increasing in frequency and their level of sophistication. Tax season has always been a prime time for cybercriminals to strike, but now the bad actors are multiplying and getting more adept at flying under the radar. This makes it imperative for you to remain constantly vigilant and be proactive in taking all possible steps to defend your firm against attacks that could potentially take your firm down during tax season.
The support team at Swizznet suggests the following three steps to take now to head off potential threats to your accounting firm during the heat of this hectic period.
1. Revisit cybersecurity protocols and procedures to ensure they account for remote working.
Once considered by many to be a ‘temporary’ solution that was part of a business continuity plan, remote work is here to stay. A remote workforce – in one form or another – is the way forward for firms, not only because of the Covid-19 pandemic but because of its work-life flexibility benefits. The rise in remote work brings with it a corresponding rise in access to the office through devices and networks that may have less security. Consequently, cybersecurity threats are also elevated. According to the IBM Security and Ponemon Institute’s 2021 Cost of a Data Breach report, breaches related to remote work cost more and take longer to identify. Accounting firms need to revisit policies and procedures that were developed pre-pandemic to ensure that their protocols for access, onboarding, and training, for example, are adjusted to reflect the new way we work.
2. Join the ranks of those getting smarter about cybersecurity, if you haven’t done so already.
The sophistication of breaches has skyrocketed, elevating the need for AI-enabled tools and intelligence to detect and contain stealth and multi-pronged attacks. Firms that have fallen victim to data breaches know this first-hand. Cybercriminals are no longer content with using ransomware to lock down a network and demand payment. Yes, thieves still want payment to unlock the data. But they also threaten to use the client data they have collected to perpetrate additional crimes unless paid not to do so.
Smarter cyberthieves are not the only reason to brush up on cybersecurity intelligence. The IRS is continually increasing its compliance requirements for securing taxpayer data so it’s important for your firm to keep up-to-date on the IRS requirements for taxpayer data security.
States are ramping up their implementation of their own privacy laws. Accounting practices will need to be able to demonstrate to regulators how they are controlling and enforcing cybersecurity policies while managing in the new remote workforce paradigm.
A silver lining to the pandemic-induced shift to remote work is that more firms over the past year now recognize gaps in their ability to protect private information and are taking steps to address them. The news cycle has also helped many realize that a single breach can have downstream effects on the firm’s ecosystem of vendors, clients, and other third parties.
3. Understand that shifting from a desktop to a laptop mentality has financial, as well as cybersecurity, implications.
If you put off upgrading your tech stack in 2021, do it now (or at least put it on your post-tax season to-do list) to support your new work environment. Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. In the office, firms had firewalls, virtual private networks (VPNs) and protected workstations.
Over the past year or so, firms have discovered that desktop workstations do not travel well. Enter: the laptop mentality and the mobile, remote workforce. The transition to a remote workforce does not just come with new security issues, there are balance sheet implications to consider as well.
The most expensive and most secure technology strategy for remote work is to purchase and own the devices that staff use. At the other end of the cost spectrum for firms is the bring your own device (BYOD) approach.
Cheaper, yes, but also much less secure. Additionally, staff may resist the required management of non-work-issued devices, which is necessary to secure access to the firm’s business applications.
Virtual desktops are the middle ground in terms of expenses and security, but they have their own drawbacks, such as weak broadband connections that can cripple streaming, video conferencing, and graphics abilities.
Still, enabling staff to access a secure, virtual desktop through devices that have antivirus (AV), endpoint detection and response (EDR) and multifactor authentication (MFA) allows them to be productive while giving the organization a stronger cybersecurity defense.
There’s no single right solution for all accounting firms; in fact, it’s not uncommon for some firms to have no cyber security strategy in place or multiple technology strategies for managing their remote workforces. Be sure to assess your options carefully when determining the best way to manage cybersecurity risks during tax season and beyond.
Take time for a tax season cyber security reality check to prevent a busy season business interruption.
Putting these steps in place will help to reduce your firm’s immediate exposure to cyber threats during tax season. However, once your work pace slows down, the critical next step is to do a tax season cyber security audit to make sure you have all of your bases covered. This is where the team from Swizznet can provide guidance and break down the components of a solid cyber security strategy designed specifically for your accounting firm. They can also help identify gaps in your current strategy which may need your attention.
Remember, the best offense against mounting cyber security threats is a strong offense. At Swizznet, our Obsessive Support™ will ensure your accounting firm has the best possible protection and expertise available to keep your remote teams and practice running as efficiently and securely as possible.
Give our team a call at 888-794-9948 ext. 1 to begin your journey to security.