Accountants, financial service providers and tax professionals are faced with some very stringent data security requirements — both ethically and even legally — which have been complicated even further by COVID-19. The global coronavirus pandemic has prompted many to abandon the office and work from home, opening the door to some unique data security risks that must be addressed. So how do you ensure that you have a robust data security plan? For tax preparers, CPAs, and others in the tax, accounting and financial services industry, this is a very important question. The security of financial data must be addressed thoroughly to ensure full compliance with established laws and regulations.
Why Do I Need to Create a Financial and Tax Data Security Plan?
Industry standards aside, accountants, financial service providers and professional tax preparers are required to maintain a very high level of security due to the sensitive nature of the information that they’re handling on any given day. In fact, federal law requires tax preparers to maintain a written data security plan that outlines how they’re protecting clients’ data.
In addition to addressing your security protocols from a practical standpoint, it’s also critical that you re-examine your written security plan to ensure this document accurately reflects your COVID-era operations. Accountants and financial professionals are also expected to maintain stringent security measures to protect client data.
Implementing Data Security for Tax and Financial Professionals
Evaluating and implementing data security measures can seem daunting, especially if you’re not overly tech-savvy. For this reason, it can be very useful to bring in an IT consultant or other technology professional to evaluate your existing IT infrastructure. After their analysis, they can recommend what changes must be implemented in order to maximize security. An IT consultant can also be useful in guiding you through the process of developing that law-mandated written security plan.
If you’re going it alone, the “Security Six” checklist can be a good starting point. Developed by the Internal Revenue Service (IRS) and Security Summit partners, the Security Six checklist explores the most basic security measures that must be implemented by tax professionals. Accountants and other financial services providers would be well-served by these guidelines as well. Notably, these are guidelines that should definitely be re-evaluated in this COVID-19 pandemic work environment. Many professionals working from home may unknowingly be utilizing different devices that do not comply with these data security standards.
Your written data security plan can begin by detailing how your company has addressed these six basic security measures, which include the following.
- Antivirus Software — Antivirus software must be installed on all devices utilized in the course of business, in addition to antivirus measures on any in-house servers. Your antivirus plan should include manual scans and automatic scans at specified intervals.
- Firewalls (Hardware & Software) — Network firewall hardware is typically present in an office environment, but it’s important that you also have a small office / home office (SOHO) router with firewall hardware. Additionally, you’ll need to ensure you have appropriate firewall software in place.
- 2-Factor Authentication — Two-factor authentication on email and other accounts protects client information by preventing unauthorized access. Multi-factor authentication ensures at least two layers of security, such as a password and a code texted to your phone.
- Software Backup Services — Essential files and private information should be stored off-premises in a secure location. This is where cloud data storage platforms can be quite useful, as these interfaces typically have built-in backup and encryption solutions.
- Drive Encryption — Due to the sensitive nature of the data handled by tax, accounting and financial professionals, drive encryption is essential for scrambling data into a form that unauthorized users cannot utilize.
- Data Security Plan — The Federal Trade Commission (FTC) requires a written data security plan as part of its “Safeguards Rule.” The IRS has also released written guides exploring small business data security fundamentals and a guide for safeguarding taxpayers’ data.
The Basics of Developing a Data Security Plan for Tax Professionals and Accountants
Developing an IT and written data security plan will take some time. This document should also be updated if your operations have seen a significant shift due to the COVID pandemic. Namely, you’ll need to address the fact that you now have team members working in home offices, using routers and networks that may not necessarily be secure. A simple review of your existing data security plan can help you identify what measures need to be implemented by staff who are working from home offices, while also offering insight into what areas of the plan should be updated to reflect today’s operational realities.
Each company’s data security plan will vary somewhat based upon company size, the precise nature of your IT infrastructure and the complexity of your operations. The FTC requires these written plans to address a few key issues. Companies must:
- Designate one or more individuals to coordinate and oversee the company’s IT and data security measures.
- Design and implement safeguards and measures to protect customer data. Include information on program monitoring and testing.
- Clearly identify and assess the risks surrounding customer data in each department or division of their business. Then, they should discuss the chosen safeguards and the effectiveness of those safeguards in minimizing the identified risks.
- Outline the service providers whom they’ve selected to provide the appropriate security measures and explain the nature of each service plan. It’s important to ensure that the contract with each provider explicitly discusses the handling of sensitive data and outlines the minimum security measures associated with all data handling.
The final requirement in the FTC’s data security plan requirements for tax preparers calls for the evaluation and adjustment of security measures in response to business or operational changes. The COVID-19 pandemic is a prime example of an event that should prompt a revisit of your written protocol and your practices.
Leveraging the Cloud as You Develop a Data Security Plan for Financial and Tax Professionals
Today’s cloud technology provides some very secure data storage and computing solutions for companies that handle sensitive data, whether it’s financial information, personal information, medical data or any other type of data that must be protected from unauthorized access.
If your company leverages a cloud data storage platform and cloud-based servers, you’ll enjoy a high level of security (which can be easily expanded to include even more stringent protections). The cloud can be securely accessed from anywhere on the planet, which is ideal for companies that have largely shifted to a work-from-home model for the time being. Additionally, by storing all data in the cloud (avoiding the local storage of data on individual devices), you can centralize your security measures around this single data storage location. This reduces reliance upon individual devices that could be lost or stolen.
The cloud is also great from a business perspective because it’s highly scalable, yet affordable, since you only pay for the resources you’ve utilized.
Despite the tremendous COVID-19 impact on business, 7T’s team is still hard at work on Snowflake cloud projects, among other tasks. Our team is available to provide technical resources as you shift to a Snowflake data cloud platform, offering the configuration and deployment services you need to succeed.
At 7T, we specialize in digital transformation through emerging technologies, as we integrate cutting-edge solutions into virtually every development project that comes to our team. Whether it’s a mobile app development project or a custom software development project such as a CRM platform or ERP development, we’re well-equipped to assist with multi-phased development services.
SevenTablets has offices in Dallas, Houston, Chicago, and Austin, but our clientele spans the nation and beyond. If you’re ready to harness the power of the cloud and other innovative technologies, contact the experts at SevenTablets today.