Why Security Measures Are Critical for Tax Pros

Beyond what solution providers enforce to ensure data security, you also need to review your internal processes. What policies do you have in place regarding passwords in your office? Who has access to your client’s or firm’s data, and who doesn’t? How are you protecting your office network from potential external intrusion? How do you ensure security of non-digital information?

The security processes and procedures within your firm are only as good as the weakest link in the chain. Over the past few years, we have seen cybercriminals increase targeting of individual firms, where the level of protection may not be as strong as it is within large companies who constantly monitor, review, and update their processes and procedures. In short, data security is not something that is simply solved by the policies in your office or that of the vendors with whom you partner. Data security requires both solution providers as well as the individual firms to have the right tools in place to fend off those intending to profit from the use of stolen data.

Security of Data as Your #1 Concern

Data security is not a new concern to the tax and accounting profession. As noted above, your clients come to you with very personal, private, and sensitive information that can make or break their success as individuals and/or business owners. It’s up to those of us in the accounting profession to make sure their data is protected first and foremost, and then continue working on advising and growing their business. There are a number of regulations, publications, IRS code sections, and more that help inform and guide the actions the professional must take in order to remain compliant. 

Failure to meet some of these obligations can not only result in significant pain for your customers, but can also lead to FTC investigations of the firm itself. It is the responsibility of the professional to stay current on the requirements and rules in this regard. There are a number of resources available to help you better understand these obligations, and it is imperative that you are not only familiar with these obligations, but that you put clear action plans in place to ensure you are adequately following them. Intuit’s privacy and security portal and the AICPA have a wealth of information in this regard, and this article in particular provides a good summary of the regulations along with templates you can use to ensure you have the right controls in place.

In summary, as you work to better deliver on the needs of your clients and of your firm, data security is a key factor that must be considered when you evaluate products, and the processes and policies you put in place are just as important. While the larger software providers have mechanisms in place to protect your client and firm data, software providers cannot solve these problems alone. 

You must have a solid plan of action, clear policies within your office, and adequate disclosures to your clients. Much like in the physical world, where thieves and other bad actors are looking for the easiest path, cybercriminals are constantly looking for the next easy target. So turn on your outside lights, keep your bushes well-trimmed, and install a security system. While these are obviously well known tips for protecting your home from a burglar, in the digital world we live in today the best way to avoid a breach is to put the right controls and policies in place.

======

Jorge Olavarrieta is VP of Product Management and Design at Intuit.