Hackers are getting smarter — so we’re getting smarter, too.
In 2015, hackers used information from social media to steal 724,000 taxpayers’ return data from the IRS Get Transcript system. In 2016, cybercriminals stole Social Security numbers from outside the IRS to obtain e-filing personal ID numbers that could be used to e-file returns.
We need to take strategic actions to address ongoing threats like these. Hackers are increasingly targeting tax and accounting firms of all sizes — whether they operate on local networks or in the cloud. Many security experts believe that firms operating on local networks are even more vulnerable.
It’s more important than ever for firms to stay vigilant. From fortifying security technology to making simple changes in procedures and awareness, there are many things they can do to keep firm and client data safe. Take password protection: Passwords you use in your office to access client data should be unique to your office and never shared or used anywhere else.
The intensity and sophistication of phishing and spear-phishing attacks on our profession is increasing, which is why it’s important to be diligent with email. If you don’t know the sender, don’t open the email or any links/attachments. These attempts can take you to a false URL that captures your credentials or leaves malware installed on your computer and network that logs every keystroke. And once your firm is compromised, so is all of its data. Recovering from such a situation can be devastating to a firm and, in some cases, may not even be possible.
But you’re not alone. I can personally assure you that data security is a top priority for Thomson Reuters. We’re committed to taking the lead in the industry to strengthen data security and help you protect your practice and your clients.
We instituted new login requirements, password strength minimums and an inactivity timeout feature this past tax season. Although the requirements may have seemed onerous, we must realize that our profession — along with financial and health care institutions — is at the top of the list in maintaining sensitive data. That’s why there are such stringent rules to follow in protecting our data, as regulated by the Gramm-Leach-Bliley Act, which requires firms to reassess their security plan every few months.
We also recently implemented multifactor authentication (MFA) for users of CS Professional Suite products and portals. MFA offers a higher level of security for your clients, and we strongly advise you use this method to confirm your identity and better secure client portal data. We’re pleased to be the only tax and accounting software provider that currently offers an MFA app, Thomson Reuters Authenticator, which provides industry-standard authentication factors.
For more important security information, browse the helpful resources on our Thomson Reuters security page — from a fact sheet with tips on how to avoid being tricked by phishing schemes, to a video on how to upgrade your firm’s CS Professional Suite security, to our white paper Protecting Your Firm’s Client Data From Cybercriminals: 5 Common Questions.
I’ll also continue to share my thoughts on the latest professional developments on my blog: tax.tr.com/author/jonbaron.
I won’t sugarcoat it — we live in a scary world sometimes. But when your firm and Thomson Reuters work together, we can put strong safeguards in place to help you protect your clients and your firm. We’ll give you the support you need to navigate uncertainty, today and beyond.