Another year, another phishing scam. You may have seen that the IRS recently warned practitioners and all employers of the resurgence of W-2 related scams. The holiday season is over and, as tax season approaches, hackers are ramping up their efforts to steal private information from your firm and your clients.
If you can commit to only a few resolutions this year, make data security training a priority for your firm.
Hackers are increasingly targeting tax and accounting firms of all sizes — so besides W-2 scams, for what else should you be on the lookout? We should expect an uptick in phishing scams intended to gain any of your online login credentials, in addition to scams capable of installing malware on your local machines — which can give cybercriminals your logins, as well as access to any local data.
So what can you do in a world that seems intent on attacking firms from every direction? Don’t panic and don’t stick your head in the sand, to be frank. While nothing is perfect or guaranteed, there are some industry best practices that you, your staff, and your clients can implement to secure your information. Following are a few of these industry best practices that you should consider implementing:
- Always look at the address bar on any website before entering your credentials. Look out for misspellings of company names, or verbiage that doesn’t make sense for the site you believe you’re accessing.
- Better yet, instead of clicking links in unsolicited emails, go to the website in your browser and navigate to the correct area of the website. For example, to access your account information for CS Professional Suite software, start by navigating to the tax.thomsonreuters.com website by typing it in yourself, and then logging into the system.
- Educate your employees and continue to emphasize how one “mis-clicked” email can affect the entire firm. Remind them to stay vigilant, and don’t assume that security is always on their minds.
- Enable multi-factor authentication for access to your network, your online software, your bank accounts, etc. With multi-factor authentication, you have another strong line of defense against any cybercriminals who may have gotten your credentials — especially since it’s likely that they don’t also have your physical device to confirm entry.
- Know what to do if you think your information has been compromised. Have a plan in place to handle potential data breaches, and educate your staff on how to follow the plan.
For more tips on defending your firm against security threats:
- Visit our Customer Security page
- Review the Protecting your firm and clients against phishing scams help topic in our Help & How-To Center
- Read Jon Baron’s blog article, Your Firm’s Been Hacked: Here’s What to Do Immediately
- Review resources from the IRS, like Protect Your Clients; Protect Yourself
- Regularly seek the latest guidance from your technology and legal advisors on the best data security practices for your firm.
Cybercriminals are becoming more advanced in their methods by the day. When you use industry best practices, you have the best chance of protecting your firm and clients from harm.
We’re here for you at Thomson Reuters. We wish you a safe, fulfilling, and productive tax season.