At the top of the list of things that keep accountants up at night is having client data compromised. Trust and security are two important features a client looks for when they choose a tax preparer or CPA, and one data breach can ruin your reputation for years.
Strategies such as managed cybersecurity services can help protect you from a breach, but client data protection goes beyond that.
What happens if an unprotected client file is accidentally emailed to the wrong person? That’s not a malicious data breach, but it is still a serious security incident that can cost you.
The average cost of a data breach for a service provider in the U.S. is $9.6 million.
When client data entrusted to your firm is compromised, the costs can follow your firm around for years. They include immediate emergency IT costs, client notification, lost productivity, and more.
What’s the #1 contributor to data breach costs? Lost business.
Strategies to Protect Your Clients’ Data from Being Exposed
Data protection requires a multi-layered strategy that incorporates both your technology and your employees. The time and effort you put into it just might save your firm from a devastating security incident that can haunt you for years.
Here are smart ways to increase your client data protection.
Add Rewards to Your Employee Security Program
Many CPA firms will include penalties when employees don’t follow IT security and data handling policies. They may be reprimanded or even fired, depending upon the severity of the incident.
But do you reward employees when they do adopt cybersecurity best practices?
Adding a reward component to your employee IT security program can encourage safe behavior and keep everyone more aware of data security in everything they do.
Try positive reinforcement in your cybersecurity strategy through:
- Callouts in emails and company newsletters for good practices
- Gifts of company swag based upon team or department efforts
- A cybersecurity employee-of-the-month award
Conduct a Third-Party IT Security Audit Annually
Cyberthreats are always evolving. This means that a security strategy that had you well protected a year ago might need some additional tweaks today to mitigate new dangers.
You can stay proactive about your cybersecurity and ensure your strategy evolves along with the threat environment by having a third-party IT security audit conducted each year.
An IT professional (like Connect2Geek) will ensure your safeguards are still adequate and recommend any needed adjustments to fortify your defenses.
Put Multi-Factor Authentication in Place (for Everything!)
One of the hardest types of data breaches to catch early is one where a hacker gains access to login credentials. The system sees them as a legitimate user, and unless they start exhibiting risky behavior, they could be in your files stealing client data for months or years undetected.
The most common type of attack used in data breaches in 2019 was unauthorized account access, which was used in 40% of all breaches.
All the logins at your accounting firm should have multi-factor authentication (MFA) enabled. It’s the strongest defense you can have against account takeovers.
While a bad actor might have a user’s login for QuickBooks Online, if MFA is enabled, they’ll be stopped from gaining access because they don’t have the device that receives the code required to complete the login.
Use Sensitivity Labels or a Similar Document Security Measure
One of the handiest document security measures an accounting firm can use is inside Microsoft 365. It’s called sensitivity labels.
Using sensitivity labels allows you to either manually or automatically tag all your Word, Excel, and PowerPoint files and Outlook emails. Once a document is tagged with a sensitivity label, the system can apply automatic security policies.
For example:
- Everything tagged “highly confidential” can be encrypted with user access restrictions.
- Content tagged “internal use only” can have a watermark put on it.
- Anything containing an SSN can have copy, print, and sharing restrictions applied.
Using Microsoft Cloud App Security with sensitivity labels can ensure your document protection policies are carried over when the file is shared in other cloud applications.
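As an added illustration (not Microsoft 365 code or its API), the following Python sketch models the label-to-policy idea from the list above: a manual label selects controls, and content containing a plausible SSN picks up copy, print, and sharing restrictions automatically. The policy table, control names, and sample documents are constructed for this example.

```python
import re

# Candidate SSNs: AAA-GG-SSSS with dashes or spaces; the digit guards avoid
# matching inside longer numbers such as account IDs.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")

# Hypothetical policy table mirroring the examples in the list above.
POLICIES = {
    "highly confidential": {"encrypt", "restrict_access"},
    "internal use only": {"watermark"},
}
SSN_CONTROLS = {"block_copy", "block_print", "block_sharing"}


def find_ssns(text):
    """Return SSN-shaped strings that pass the basic issuance rules."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        # Never issued: area 000, 666 or 900-999; group 00; serial 0000.
        # Dropping these cuts false positives on invoice and ticket numbers.
        if area in ("000", "666") or area[0] == "9":
            continue
        if group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits


def controls_for(text, manual_label=None):
    """Combine controls from a manual label with content-based SSN detection."""
    controls = set(POLICIES.get((manual_label or "").lower(), set()))
    if find_ssns(text):
        controls |= SSN_CONTROLS
    return controls


def mask(text):
    """Redact detected SSNs, keeping the last four digits for reference."""
    for ssn in find_ssns(text):
        text = text.replace(ssn, "***-**-" + ssn[-4:])
    return text


# Constructed sample documents (not real client data).
RETURN_MEMO = "Client: J. Doe, SSN 123-45-6789, refund due."
INVOICE = "Invoice 000-12-3456 for ticket 912-34-5678, phone 208-555-0100."
```

The invoice sample shows why the issuance rules matter: it contains two SSN-shaped numbers, yet neither triggers the restrictions, so staff are not trained to ignore a noisy control.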
Train Your Clients on Good Document Security
What if you’re sharing a file with a client, but a breach comes from their side, not yours? Some clients may still blame your firm, not realizing (until after months of investigation) that the breach was caused by one of their employees.
Be proactive about client document security. Offer a webinar or online video for clients and their employees to review when they first sign up that includes good document security and remote connection policies.
Another tip is to add a “Data Security Tips” section to any newsletters that you send out regularly to customers. This serves two purposes:
- It reminds your clients about good data security practices
- It lets your clients know that your firm makes IT security a priority
When Did You Last Have an IT Security Audit?
Is it time for an IT security audit? If it’s been more than a year since your last one, then you should seriously consider one to ensure your client data is protected. Connect2Geek can help!
Schedule a free security consultation today! Call 208-468-4323 or reach out online.