Accounting Firm Cybersecurity: Training Your Staff and Protecting Your Business

From the Thomson Reuters blog.

It probably won’t surprise you to hear that tax identity theft is on the rise. In response to this increase in tax-related ID theft, last year the IRS rolled out new security requirements that recommended multi-factor authentication (MFA) for tax and accounting software.

While MFA has shown to be an effective tool in combating fraud, there’s an equally important supplemental strategy that all tax and accounting firms should employ: educating their staff.

That’s because humans — no matter how well-intentioned — remain the weakest link in the data security chain, as proven when a recent cybersecurity report revealed that approximately 95% of security breaches are caused by human error. So let’s take a look at some of the changes that tax and accounting firms are making to improve awareness among employees.

Employee training: Simple, inexpensive, impactful

In 1794, Voltaire said, “Common sense is not so common.” Today, we could update that quote to read, “Network security common sense is not so common.” That’s why it’s imperative that your staff is trained before they interact with your information systems.

It’s good practice to update your training regularly to include new and evolving data security challenges. Luckily, there’s no need to design a training program from scratch. Most information security companies have great presentations written and ready to go, or white papers that identify points to cover in employee training. You can even go to the Department of Homeland Security and IRS Awareness Campaign websites and download their cybersecurity training resources.

Since every single employee in your firm is a potential source of a security breach, everyone in the firm should go through security training, from the firm owners to the frontline employees — including the IT staff. Due to the ever-evolving nature of cybersecurity threats, experts recommend at least annual training (although more often is always good).

Awareness is key

Hackers thrive on ignorance — they want everyone to assume that life is safe and no one’s out to get them. So it’s a good idea to periodically ask your employees questions including — but not limited to — the following, to help them remain aware of potential security vulnerabilities.

• Do you have company email or other company data on your mobile device or portable drive?
• If so, do you have appropriate security precautions in place, such as data encryption and multi-factor authentication?
• How many of you are aware whether all the devices in the organization have the most recent updates for operating systems and security software?
• At work, do you lock your computer when you walk away from it, or do you leave it open and accessible to others?
• Could your passwords’ security access questions be easily deduced from a look at your social media?

While this is only a start, it’s an important one. Use the tools and resources mentioned above to educate your staff and close the door to hackers. We can work together to take steps to improve security in our industry.

iIBM’s Security Services 2014 Cyber Security Intelligence Index Report


Christina Wiseman serves as product manager of Web Services & Mobile Technologies for Thomson Reuters Tax & Accounting. She uses her more than 13 years of experience to work closely with the sales, marketing, training, development and support areas to deliver quality web and mobile solutions to tax and accounting firms via CS Professional Suite. She holds a master’s degree in IT management from Colorado Technical University and a bachelor’s degree in management information systems. Christina is also a certified product management professional accredited by Pragmatic Marketing.