Shoring up network cybersecurity for the 2020 tax season

Shoring up network cybersecurity for the 2020 tax season

With 2020 tax season fast approaching, how can accountants ensure their IT networks are secure against the many cyber-threats facing businesses today?

Shoring up network cybersecurity for the 2020 tax season

Two years ago, there was a major cyberattack at Deloitte. The financial scope of the attack is still unknown but is rumoured to run into the tens of millions of dollars. While the attack was some time ago, the threats for accountants still remain. And as accountants prepare themselves for the 2020 tax season, it feels like we have enough to worry about without concerning ourselves with cybersecurity.

That’s true to an extent. Cybersecurity is an area that can be effectively outsourced, and many accountants plan to do just that in 2020. But putting in place security software only gets you so far, especially in a sector that is growing rapidly. You also need to ensure that your staff (and yourself) stick to the policies and procedures you have in place.

The Deloitte hack is an excellent example of why. The cybercriminals who targeted Deloitte were able to gain access to the firm’s Microsoft Azure cloud because the account was only protected by a single, weak password with no two-factor authentication in place. In other words, it was the users of the system that opened it up to attack and not some failure in the system itself.

In this article, we’ll take a look at how you can improve network security for 2020, with a particular focus on how we should be using the IT networks we work with.

1. Enforce Password Policies

Let’s start with the most obvious lesson from the Deloitte hack: the importance of using strong passwords. For those of you who already take network security seriously, this seems like old advice. But that doesn’t make it any less important.

One of the most important and effective security measures you can have in place is a system to ensure that all of your employees are using strong passwords and that they are using a different password for each account they use. This can be achieved via enforcing strict password rules on every piece of software you use, but there is an easier way; use a password manager.

A password manager automatically generates strong, unique passwords for every user’s account, and allows them to manage them easily. It also allows you to easily delete their accounts from your systems if they leave your employment.

2. Document Security

Next, document security. Even a few years ago, securing your documents was reasonably easy, because they would be stored on a server located in your office. Today, as firms move more of their documents online and into cloud storage, it has become more difficult to guard against them being stolen. Nevertheless, solutions are available, and accountancy firms should be aware of how small businesses acquire data – and how they store it as well.

The solution to this is to implement a strong and secure account management system. These systems are often built into several types of small business software. Many SMEs are now built on website frameworks such as WordPress, Wix, or Shopify. These website builder applications commonly offer a system for managing employee access to financial documents and templates stored online. Shopify, for example, has integrations with accounting apps like Xero and Freshbooks, allowing users to quickly import and make use of income statement templates. Similarly, most modern secure email systems encrypt documents when they are in transit, which means that even if they are stolen they cannot be read.

3. Employee Devices

The security of employee devices, such as their smartphones and tablets, is of increasing concern in the cybersecurity sector. That’s due to the rise of BYOD (“bring your own device”) policies that actively encourage employees to access their professional accounts from their personal devices.

These policies can be a real benefit to accountancy firms, allowing employees agile and secure access to all the documents and systems they need. On the other hand, the use of personal devices can also open up significant security holes in your networks. This is a growing problem, as illustrated by The Ponemon Institute’s 2018 State of SMB Cybersecurity report showing that 50% of a small business’s data is accessible from a smartphone.

The most practical solution for accountancy firms is to use two-factor authentication to ensure that no sensitive information is accessible by just entering a password on a personal device. Two-factor authentication requires that employees enter two forms of authentication – such as both a fingerprint and a PIN – in order to gain access, and can dramatically reduce your vulnerability to cyberattacks.

4. Secure Remote Working

Last but definitely not least, you should ensure that when your employees work remotely, they do so in a way that is secure.

The practice of securing your internal communications can be done in a variety of ways. One is behavioural – when your employees are working remotely, they should never use public WiFi networks. This type of network, and especially those at airports and other large public spaces, are a favourite target of hackers.

Another, more powerful solution is to use a virtual private network (VPN). This is a small piece of software that is installed on every employee’s machine and encrypts all the information that they send and receive. Because this data is encrypted, it is essentially impossible to read for anyone who manages to steal it. And because a VPN also hides your true IP address (location) from hackers, it is more difficult for them to identify you as an accountant, and therefore as someone with access to potentially lucrative information. As a result, they are less likely to target you.

The Bottom Line

If you are wondering about the cost of all of these security upgrades, don’t worry. Almost all of the systems and behaviours above are free and make little difference to the profitability of your own business.

In fact, they might just make the difference between a successful business and one that fails. While Deloitte certainly has enough money to cover the cost of a hack, many small businesses would not. For that reason, small accountancy firms can’t afford to not put in place strong cybersecurity practices and systems.

The four areas above are a great place to start and can easily be put in place before the 2020 tax season.


Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyber-defence, and cryptography.

Share

Subscribe to get your daily business insights

Resources & Whitepapers

Why Professional Services Firms Should Ditch Folders and Embrace Metadata
Professional Services

Why Professional Services Firms Should Ditch Folders and Embrace Metadata

3y

Why Professional Services Firms Should Ditch Folde...

In the past decade, the professional services industry has transformed significantly. Digital disruptions, increased competition, and changing market ...

View resource
2 Vital keys to Remaining Competitive for Professional Services Firms

2 Vital keys to Remaining Competitive for Professional Services Firms

3y

2 Vital keys to Remaining Competitive for Professi...

In recent months, professional services firms are facing more pressure than ever to deliver value to clients. Often, clients look at the firms own inf...

View resource
Turn Accounts Payable into a value-engine
Accounting Firms

Turn Accounts Payable into a value-engine

3y

Turn Accounts Payable into a value-engine

In a world of instant results and automated workloads, the potential for AP to drive insights and transform results is enormous. But, if you’re still ...

View resource
Digital Links: A guide to MTD in 2021
Making Tax Digital

Digital Links: A guide to MTD in 2021

3y

Digital Links: A guide to MTD in 2021

The first phase of Making Tax Digital (MTD) saw the requirement for the digital submission of the VAT Return using compliant software. That’s now behi...

View resource