Tax Season e-Security Update — A Mixed Bag Of Goodies

From the Jan./Mar. 2008 Issue

Happy New Year! I hope 2008 has started off in a good way for you. For me, it is that annual time of the year where my thoughts turn more to accounting than technology as those of us in public accounting all spend the next three and a half months working like mad to help our clients file their annual paperwork. But even as those of us in public practice start working on our clients’ accounting records, we still need to be mindful of the technology threats that face us every day, even during tax season. The hacker never sleeps (he/she uses automated tools for much of their work) and so we, as accountants, cannot be asleep at the switch either. While those of us in public practice tend to put our technology upgrades on hold during this time of year, we need to remember that the hacker or identity thief is still out there breaking into systems and stealing information. We need to remain vigilant this time of year even though we are busy working for our clients. As we go forward into this busy time, we still need to ensure that we are working at peak efficiency to protect our clients’ data.

FEDERAL DESKTOP CORE CONFIGURATION
The Federal Desktop Core Configuration (FDCC) was developed under the direction of the Office of Management and Budget (OMB) in collaboration with DHS, DISA, NSA, USAF, and Microsoft by the National Institute of Standards and Technology (NIST). This set of standards provides resources for federal agencies, which allows them to test, implement, and deploy Windows XP and Windows Vista securely. While this protocol was designed for use within the government, the OMB, through the NIST, has also made this core configuration available to the public. This provides businesses, nonprofits, and individuals with a process for securely configuring their computers.

The FDCC contains checklists, sample virtual machines that can be downloaded for testing, and other tools. These tools can be used to first test the FDCC configuration in a non-production environment. These same tools can then be used to roll out the FDCC to all production equipment.

These standards are important for accountants because we can use them to secure our computers. All these agencies, which are very much at the forefront of securing our country’s infrastructure as well as protecting our secrets, have worked with Microsoft to develop this protocol. Irrespective of public opinion about how competent our government is or is not, these guidelines provide exceptional help in securing our computers on our network. By following this standard without deviation, it provides you with a useable defense in the event the firm network is compromised and client data is stolen. The FDCC can be obtained from the NIST at http://csrc.nist.gov/fdcc.