
10 Easy Steps to Cyber Protection for Tax Professionals

  • Jan 3, 2024

Cybersecurity can be simply extensive! What an oxymoron! Getting your organization compliant and ready is both complex and easy. CardinalsByte helps build a foundation by understanding your security posture and teaching you what is required.


Whether you are a one-person shop or a partner in a large firm, everyone should take steps to protect their clients and their business. We will offer you some quick steps to help with your IT posture and give some guidance.


Cybersecurity can be especially challenging for small businesses. It is now more important than ever to take stock of the security measures used to protect your data. It is a known fact that the financial industry, specifically accountants, CPAs, tax preparers, tax practitioners and tax professionals, remains a top target for cybercriminals.


The most valuable asset they all have in common is client data. Cybercriminals seek to steal sensitive tax information so that they can file fraudulent returns, steal clients' identities and commit other crimes against them.


This is a guide to help tax professionals cover the basics of cybersecurity. For a quick assessment and a custom-tailored solution, contact CardinalsByte to speak with a security expert today, free.


STEPS

  • Security First

    • Have updated antivirus installed on all devices

    • Use firewalls and make sure they are turned on

    • Use Two-Factor Authentication

    • Encrypt all data sent and received

    • Back up your data daily, weekly or monthly - test it monthly

    • Use drive encryption

    • Use a secure VPN (virtual private network)

    • Update your Devices and Applications

    • Deploy Patches

    • Sanitize your CODE

    • Use Tools to identify if someone is connected to your network

  • What System Do You Have

  • Know what hardware, software and sensitive information you have

  • Know what applications are installed

  • Secure your Website "validate and sanitize inputs"

  • Conduct Risk Assessment

    • Use a security scorecard rating tool to instantly help rate and identify your own cybersecurity risk, and that of your third-party vendors/service providers.

  • Create a data security plan

  • Federal law requires all Tax Professionals to create and maintain an information security plan for client data

  • Tax preparers are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.

  • Identify all risks to customer information.

  • Evaluate risks and current safety measures.

  • Design a program to protect data.

  • Put the data protection program in place.

  • Regularly monitor and test the program.

  • Educate and Train on Types of Threats like phishing scams and ransomware

  • Learn about spear phishing emails

  • Beware of ransomware

  • Develop strong passwords - implement a block on failed attempts

  • Use a Password Auditing Tool to scan for password related vulnerabilities

  • Install Website Scanner to authenticate legitimate websites

  • Recognize the signs of client data theft

  • Clients contact you about suspicious emails or letters they receive in their name from your organization

  • Your team reports having issues accessing company systems

  • Create a Strong Incident Response Plan

    • Federal, State and Local Laws require that you have a Strong Incident Response Plan (IRP) in place that outlines the steps you need to take to mitigate an attack

    • Test that your plan works at a minimum every 6 months.

    • Outline who is responsible for what when something happens

    • Document your findings and learn from them

    • Hire or Contract with a Cybersecurity Expert to Test and Monitor your System

    • Audit Logs and keep reports to show that you have the right tools in place

    • Use Tools such as ISP, IDP, SIEM and SOAR to help prevent and detect threats in real time and report

    • Report the Incident immediately to appropriate authorities

    • Notify your clients of potential breach

  • Risk Governance

    • Have clear written policies and procedures that outline the components of your cybersecurity posture

      • Sample policies include:

  • Cybersecurity Policy

  • Access Control Policy

  • Asset Inventory & Device Management Policy

  • Data Classification Policy

  • Physical & Environmental Security Policy

  • Risk Assessment Policy

  • System & Network Security Policy

  • Third Party Service Provider Policy

    • Businesses should review their policies for accuracy, completeness, and applicability, and update them as needed based on their risk assessments

    • Use MITRE guidelines to test your systems

    • Use NIST to provide guidance on policies and procedures

Although this is not an extensive list of what needs to be done to prepare and protect your business against cybercriminals, it is a good starting point.


Following these simple steps will make a difference. It starts with owners and leadership making the difference in their companies. If you create an environment where cybersecurity is at the forefront of all you do, then your clients' data will be protected.


CardinalsByte is here to help with your journey and provide you with resources to learn and develop your own cybersecurity posture and architecture for your company. Together we can TAKE A BYTE OUT OF CYBERCRIME!

 
 
 
