April 20, 2021

How CPAs Can Mitigate Cybersecurity Risk During The Extended Tax Season

Tax season is the busiest time of year for CPA firms. Unfortunately, it’s also a busy time for hackers looking to target CPAs during this frenzied season. In today’s world, cybersecurity isn’t just a good business practice; it’s part of the rules and guidelines laid out by the IRS for all tax professionals. CPA firms are increasingly becoming the target of cyberattacks due to the rich client financial data they hold, the increase in remote work without strong security, and their often lax protection of client data. Tax season, with its increased client communication, frequent data transfers, data storage on mobile and at-home devices, and fast-paced environment, is a prime time for a number of different types of cyberattacks. However, there are steps CPAs can take to protect themselves. CPA firms can reduce their risk and ensure they protect their clients’ data through several manageable actions.

Data breaches are expensive and embarrassing. What’s more, they raise the added stress of potential legal action. Simply put, a CPA firm’s primary cybersecurity responsibility should be to protect its clients’ data at all costs. The ways to do that during the important and hectic tax season include encrypting and safeguarding important data while minimizing the impact of any breach, ensuring employees use best practices for security, using strong cyber defense systems, and employing a competent and diligent cybersecurity team.

Protecting Client Data 

Hackers can use compromised data in a few ways. They can directly steal money if they know specific account details along with enough personal information and passwords. They can also sell the data to third parties, steal an identity to get credit cards or other types of accounts, or hold the data hostage in exchange for a ransom. As such, CPA firms can take several precautions to ensure that sensitive data isn’t compromised. 

  1. Encrypt important email and data files: using encryption adds an additional layer of security. Even in the event of a security breach, hackers then need to defeat the encryption to get to the valuable data files. It may also provide your security team with enough time to add additional protection after they detect a breach. Because of the additional time burden, employees may resist encrypting communication and data, but adding encryption expectations to a data-use policy and providing the rationale for encryption should improve uptake. Consider using a virtual private network or virtual desktop to offer additional protection. Work with your IT team to integrate encryption into workflows to make adoption easier.
  2. Limit data access to an as-needed basis only: one common cyberattack relies on social engineering through email phishing that targets specific employees. If all employees have access to all the data, then a hacker who compromises any one employee will have access to any data they want. To prevent this, make sure that data is accessed only by those who have a critical need to see it, and that client data is only available to the client’s specific team. Also, be sure your clients limit the amount of data they provide you. Be specific about what you need and what you don’t. While you may need access to their bank statements, don’t have them provide you their passwords (for example) unless absolutely necessary.
  3. Retain data only as long as required: update your data retention policies to only keep data for as long as required for auditing or other purposes. As you archive data, be sure to encrypt it and protect it. Even after a client is no longer active, you’re still responsible for the security of their data. This same advice holds true for emails in employees’ inboxes.
  4. Create a security plan: the IRS requires a written security plan for all tax professionals. But it’s not just useful for compliance: a written plan, combined with practice, ensures your team is ready to respond quickly in the event of a security problem. The plan can act as a defense strategy as well as a fast response outline. It should identify risks to client data and how you can mitigate those risks, specify different responsibilities, and create opportunities to test and revise the plan.

Even if a data breach has nothing to do with tax filing, if your CPA firm’s cybersecurity is compromised during tax season, it’s going to have a bigger than usual impact on business. Do whatever is needed to protect client data so that your tax season can boom regardless of hackers’ intent.

Provide Employee Training on Tax Season Specific Attacks 

Cybersecurity training for employees may not be popular, but research shows the majority of cyberattacks that succeed are the result of human error. We’ve written before about ways to protect your firm and the most common threats to CPA firms. Ideally, employees would receive regular training on preventing cyberattacks. During tax season, employees will be targeted with threats that are believable and tailored to issues faced during filing season. 

  • Social engineering scams: these attacks appear to come from a trusted colleague or client. Sometimes they’ll have a nearly identical email address or even a legitimate but hacked email account. They may request financial information for a client or ask that an employee make a financial transaction. During tax season, the busyness of this time of year may be used as an excuse for an unconventional or time-bound request. Always confirm a request with the colleague or client through an additional channel, like a phone call or in-person check-in. Be especially wary if the email seems out of character for the person’s writing style or work style (if it was sent at 3 a.m., for example).
  • Spear-phishing scams: these scams are sophisticated and intended to appear legitimate. During tax season, hackers will use email communications that look like they come from the IRS requesting information. They may also seem to come from accounting organizations or even your firm’s CEO. As a rule, never click an email link or attachment until you double-check its legitimacy. Be wary of any email that appears to come from the IRS or any email that asks for sensitive data.

Tax season is popular for hackers as well as CPAs. Train employees to be on the lookout for scams this time of year and reassure them that protecting data and finances takes priority over nonbinding time-sensitive requests.

Use Enterprise-Level Cybersecurity 

At Cetrom, there are some practices and technologies that we believe will offer CPA firms the most protection. Consider using multiple types of artificial intelligence technologies to detect different threats. Deploy anti-spam and anti-virus protection, use the best hardware and software you can afford, move your CPA firm to the cloud to increase protection for remote work, use intrusion detection and prevention systems, and be sure to replicate, encrypt, and back up all data. Additionally, use other safeguards like multi-factor authentication and strong passwords on networks and devices.

  • Consider cybersecurity insurance: even with trained employees, data protection, and a premier security team, breaches still happen. Get a cybersecurity insurance policy that can help cover expenses in a worst-case scenario.

Lastly, ensure your security team understands the unique responsibilities of a CPA firm, including the increase in cyberattack targeting during the tax filing season.

Be Sure Your Security Team is Up to the Task 

At Cetrom, our security experts and engineers are available to respond to any issues 24/7/365. It’s important that your security team is available as needed, because hackers don’t limit themselves to business hours. What’s more, a cybersecurity team that can also act as a trusted advisor offers more value because they can make recommendations that help you stay ahead of the curve. Choose a security team that you can trust during tax season.
