Even though the tax season is wrapping up for individual returns next week, accounting firms shouldn’t breathe easy on April 18th. In fact, much of the data they process daily is exactly what bad actors want to get their hands on.

Why? Because accounting firms hold the same, if not more, information than banks do. They have multi-year tax returns, Social Security and direct deposit numbers, just to name a few pieces of valuable information.

On a personal level, cybercriminals love to take the returns from the year before or capture current tax information before it’s filed. These hackers often file fraudulent tax returns, receiving a check or direct deposit from the IRS before the user knows what happened.

With corporations, accounting firms collect data related to mergers, acquisitions and corporate restructuring efforts. The more information bad actors can use for ransomware or insider trading opportunities, the more money they can make.

Is Your Firm Too Small?

No! Hackers like to target boutique firms because they often have fewer security protocols in place. If they get into your firm, client trust is often diminished, which can send your clients fleeing out the door.

According to Accountancy Age, security breaches can cost an average of $40,000 per incident. With nearly 60% of small accounting firms having no contingency plan, this is a recipe for going out of business.


What Should Accounting Firms Do?

Here are six things you should do right away:

  1. Educate your staff.
    Help them identify phishing emails and social media scraping. Be sure they know who to go to internally if they suspect something is wrong.
  2. Make sure all your systems are up-to-date.
    Audit your network to ensure you have the latest hardware, software and malware protection. Running outdated technology is the easiest way for bad actors to get into your records. Entrepreneur magazine states that updating your operating system and antivirus software can significantly improve the odds of stopping a cyberattack.
  3. Enforce a policy of strong passwords that must be changed every 60 to 90 days.
    Be sure your employees don’t use the same passwords for different application sign-ins.
  4. Upgrade your website to HTTPS and only use HTTPS sites.
    An HTTPS address indicates the connection to the site is secure. This is now the gold standard for websites.
  5. Implement router policies.
    Put in place a VPN, a dedicated password-protected Wi-Fi router and/or an end-to-end email encryption system. Be sure to provide email criteria and train your staff on them.
  6. Hire an outside security expert.
    Such a firm can analyze the type of information each computer has access to and how vulnerable your data is to a cyberattack.


Shellproof Security Can Help Keep Your Accounting Firm Ship-Shape

We can provide security measures to protect your business and client tax returns from being hacked. Please give us a call at 212-887-1600 to schedule a consultation today!