Tax & Accounting Blog

Multi-factor Authentication: The New Security Standard for Accounting Firms

Accounting Firms December 13, 2016

Given the rise of tax-related identity theft and phishing attempts that can result in bad actors (those who attempt to infiltrate systems and data banks with malicious intent) taking over the credentials of accounting firm employees and gaining access to critical and confidential data, a password is no longer enough to protect the private information of accounting firm clients from identify thieves. Yet only a small number of accounting and tax software providers are implementing a security standard known as multi-factor authentication to protect professional users and their clients from the mounting threat of cyber-attacks.

What is multi-factor authentication?

Multi-factor authentication is the process by which the provider of access to critical personal and financial information verifies that a user is in fact the true user by triggering a second, and more secure, form of identity check. For professional accounting firms, the equivalent is any application or portal that would provide the user access to critical personal or financial data through their systems.

When multi-factor authentication is enabled, you and your clients are granted access to data or an application after presenting pieces of evidence from two or more of the following categories:

  • Something you know (e.g., password)
  • Something you have (e.g., phone)
  • Something you are (e.g., fingerprint)

You’re likely familiar with this process as many financial institutions, healthcare providers, investment houses, social media outlets, and others, now give users the option of setting up a two-factor authentication process that involves a security code being sent to your registered mobile device.

When multi-factor authentication is used, it helps to ensure that if thieves manage to steal you or your clients’ credentials (i.e., user names and passwords), they will be blocked from actually accessing accounts, software, portals, etc.

How is multi-factor authentication implemented at accounting firms?

Using the latest technology, some progressive accounting and tax software providers are embedding security controls that offer convenient and secure user authentication for a firm’s staff and clients. Firms can choose to require multi-factor authentication for all staff (which is advisable) or not (which leaves the firm more susceptible to malware). For clients, firms can make multi-factor authentication an option on a client-by-client basis, based on their clients’ desires.

Multi-factor authentication technology correctly designed by a provider should be available for both cloud-based and on-premise deployments, allowing firms to avail themselves of state-of-the-art security measures across the board. Remember that if a firm is compromised by malware, bad actors can access everything within an accounting firm’s systems regardless of whether it is cloud-based or on-premise. In evaluating a software provider, the one who can apply the multi-factor technology to both deployment methods is the better choice.

Keeping your clients and your firm safe

In a profession where cyber-security is of the utmost importance in safeguarding the personal information of your clients and the integrity of your firm, make sure your accounting software provider offers multi-factor authentication as one way to stay ahead of identity thieves.

Tax software providers, together with the IRS, are continuing to make strides in protecting tax professionals and their clients against cyber threats. For more information on this effort, read Tax Preparers Take Center Stage in the Fight against Tax Fraud.

Related content

Thomson Reuters Protection for Your Firm and Clients

Strengthen security for your clients and your firm with Thomson Reuters Authenticator™, the new multi-factor authentication app. Learn more

Take Action to Help You Keep Your Clients Safe

Hackers are specifically targeting tax and accounting firms at increasing rates—and it’s not just the big firms being targeted, but firms of all sizes. Learn more