We’ve all got our pre-tax-season rituals; those processes and procedures that ensure we’re running on all cylinders once Jan. 1 rolls around. While preparatory activities can vary from office to office, there’s one procedure that should be a common thread running to every tax prep office: computer security measures.
You know your computer system best. But there are some precautions that should be followed across-the-board, no matter what flavor your technology happens to be. In the old days, B.V. (Before Hackers), these precautions were valid, but not required. Today, however, they are crucial for keeping the data of you – and your clients – from falling into the wrong hands.
Use Security Software
There are a lot of security software choices. The key here is to get it and make sure you USE it. A good security software suite can keep you safe from viruses (that can destroy data) and malware (malicious programs that can do everything from read your hard drive to lock you out of your own computer). Many new computers come with their own security software pre-installed. If that’s the case for you, make sure your program isn’t just a trial version that will run out and quit working once the trial period is past.
Make sure you turn it on. Sure, this sounds dumb, but a lot of folks just see it in the menu and assume it’s running. Check it, and set it to update automatically. You don’t want to pick up a virus that would’ve been blocked by that update you haven’t gotten yet.
And if you use other computers or devices, such as tablets, smartphones or laptops that connect to your main computer or system, make sure they are similarly protected.
Use Encryption Software to Protect Sensitive Data
If you keep sensitive financial data – prior-year tax returns or important financial records, for example – on your hard drive, consider buying additional encryption software to add an extra layer of security to your most precious and private files. Most of these will be paid programs, but are well worth the measure of security and peace of mind they can supply.
Use Strong Passwords
The days of using “password” as a working password on an account are long gone. Now, you need a strong password of 10 or more digits and it should include special characters, capital and lower letters and numbers. You should strive to use a different password for different accounts, especially those with financial data. Also, make sure the password to log into your computer is equally complex.
There have been studies recently that suggest long pass-phrases such as “thetigerplayedbagpipes” may be considered as strong as the standard 10-digit one we just mentioned. In this case, longer is better, and the phrase shouldn’t make sense if read literally. Your mileage may vary.
Whichever method you use for passwords, change them regularly. Every few months is a good schedule. Try not to repeat old passwords for a few cycles at least.
Protect Your Wireless Network
And while we’re on the subject of passwords, check out what you’re using on your in-house wi-fi network. Make sure your wireless system has a strong password as well. If you use a tech service, they can make your wireless system even stronger by limiting connections to known computers, using the MAC addresses. And though we hope we don’t have to tell you, never, but never work on taxes when you are using an unsecured public wireless system.
Backup Your Data
If you can say your critical data resides on just one place in your office, say, the hard drive of your computer, you need to backup your data now. In a small office, it could be as simple as doing a backup to a removable USB hard drive. Bigger operations may want to opt for a cloud arrangement. No matter which you choose – or whether you choose an option somewhere in the middle – make sure there’s a copy of your data somewhere besides your main computer.
It’s good to have the backup in your desk drawer, but it’s better to have one off-site somewhere. Perform backups regularly so that you always have recent data should you need to restore your files after a theft or some sort of calamity.
Avoid Phishing Emails
We’ve all gotten them: emails that look like they’re from some official source (even the IRS!) and tell us to verify our information for their servers. They even have a convenient link to provide the information. How nice.
But it’s a scam, and the email actually comes from identity thieves, not the official source we thought. Some of the best advice comes from the IRS. “Never reply to emails, texts or pop-up messages asking for your personal, tax or financial information,” advises one IRS release. Reputable companies, and especially the IRS, won’t ask for personal information in an unsecured channel such as email.
The Internal Revenue Service has some good suggestions for cyber security on their Data Theft Information for Tax Professionals web page. For more pointers, check out Publication 4557, Safeguarding Taxpayer Data.