As National Cybersecurity Awareness Month wraps up, it's the perfect time for accounting professionals to focus on strengthening digital security practices for themselves and their clients. With tax season around the corner, the IRS and its Security Summit partners have highlighted the need for vigilance against online threats, especially identity theft and fraud. Here’s what you need to know to keep your clients safe and ensure their sensitive information remains secure.
The Rising Threat of Tax-Related Identity Theft
Tax-related identity theft occurs when someone uses a taxpayer’s stolen Social Security number to file a tax return and claim a fraudulent refund. Such scams can create headaches not only for taxpayers but also for accounting professionals. Resolving cases of tax fraud can be time-consuming and complex, and identity theft can erode clients' trust. With more people shopping online and using social media, they may inadvertently expose themselves to cyber threats. As an accountant, it’s essential to educate clients about cybersecurity and implement practices to secure their personal information.
Key Security Practices for Accounting Professionals and Clients
To protect against tax-related identity theft and fraud, the IRS and Security Summit offer several security recommendations. These include recognizing phishing scams, safeguarding personal information, using strong passwords, enabling multi-factor authentication, keeping software up to date, and using virtual private networks (VPNs) on public Wi-Fi. Below, we break down how these practices can make a difference.
1. Recognize and Report Phishing Scams
Phishing attacks often aim to steal information by posing as legitimate entities, such as the IRS, banks, or well-known companies. Fraudulent emails may ask for personal details, prompt you to click a link, or download an attachment. A key rule to remember is that the IRS never uses unsolicited emails or social media to discuss tax issues. Encourage clients to report any suspicious emails to phishing@irs.gov, forwarding the email as is, and then delete it. Educating clients about these red flags helps protect both their information and yours.
2. Protect Personal Information Online
Clients should be cautious about sharing personal information online, such as birthdates, addresses, Social Security numbers, and banking details. Consider advising clients to use encryption tools for storing sensitive tax-related information and implementing restricted access policies to ensure only authorized personnel can view or manage it. For accounting professionals, keeping client data encrypted and locked behind secure protocols is essential in ensuring data integrity and privacy.
3. Use Strong Passwords and Consider Password Managers
Weak passwords are a common vulnerability in cybersecurity. Ensure your systems are secure by using complex passwords and changing them periodically. A password manager can be an invaluable tool for clients who struggle to remember multiple strong passwords, reducing the risk of using simple or repeated passwords. Encourage clients to follow suit by using passwords that combine letters, numbers, and symbols, avoiding obvious choices such as birthdays or common words.
4. Enable Multi-Factor Authentication (MFA)
MFA adds an extra layer of security, making it more challenging for unauthorized individuals to access accounts, even if they have the correct password. This is particularly useful for any online financial platforms your clients use, such as banking or investment sites. Many tax preparation software tools now offer MFA, so encourage clients to enable this feature wherever possible. For accounting professionals, using MFA for email, client portals, and other sensitive access points is crucial to preventing breaches.
5. Keep Software Updated and Enable Automatic Updates
Outdated software can be a gateway for cybercriminals, as it may have unpatched security vulnerabilities. Encourage clients to keep their devices and software up to date and enable automatic updates for operating systems, antivirus programs, and firewalls. As an accountant, consider implementing an IT management solution that ensures all your devices and software receive timely updates and security patches.
6. Use a VPN on Public Wi-Fi
Public Wi-Fi networks are often unsecured, making them easy targets for cybercriminals. When you or your clients need to access sensitive information outside of a secure office environment, using a virtual private network (VPN) can help prevent data interception. A VPN encrypts internet traffic, making it harder for anyone to intercept information sent over public networks. Encourage clients to use a VPN whenever they’re handling financial data on the go.
Additional Tips for Protecting Clients Against Charity Scams
Scammers often exploit people’s goodwill, especially in the wake of natural disasters or other tragic events. Fake charity scams target individuals by setting up organizations with names that resemble well-known charities or using spoofed caller IDs to solicit donations. Here are a few tips to share with clients on safe charitable giving:
- Verify the Charity: Clients can use the IRS’s Tax Exempt Organization Search (TEOS) tool to confirm a charity’s legitimacy. Encourage clients to request details about a charity, such as its mailing address and website, to independently verify its legitimacy.
- Be Cautious About Donation Methods: Scammers may request unusual payment methods like gift cards or wire transfers. Legitimate charities usually accept standard payment methods like credit cards or checks.
- Limit Personal Information Disclosure: Clients should avoid sharing excessive personal details with a charity, such as Social Security numbers or credit card information, as these can be misused by scammers.
- Resist High-Pressure Tactics: Scammers often create a sense of urgency to coerce individuals into donating immediately. Remind clients that legitimate charities appreciate donations at any time and do not pressure donors.
Empowering Clients Through Education
Your role as a trusted advisor extends beyond tax preparation; it includes equipping clients with knowledge to protect themselves from online threats. By following these security practices and encouraging clients to adopt safe online habits, you contribute to a safer online environment and a smoother tax season.
As cybersecurity becomes a growing concern, accountants who are proactive about protecting client information stand out as valuable, trustworthy professionals. Staying updated on IRS recommendations and security best practices is an investment in your reputation and your clients' peace of mind. Together, you and your clients can navigate tax season securely, focusing on maximizing financial well-being without the worry of cyber threats.