President/Consultant Essential Integrated Data Ltd.

Keeping Client Data Secure While Working Remotely

During tax season, accounting professionals are more vulnerable to cyberattacks than at any other time of the year, due to the sheer volume of sensitive client data thieves are looking for. Fortunately, even though the COVID-19 pandemic forced everyone to work from home, you can still effectively protect your devices and those of your staff members from cyber thieves. Security expert Danny Severns walks you through simple yet powerful steps to take in the first of a two-part series.

Mar 23rd 2021

With tax season in full swing and accounting firms continuing their work-from-home policies, it is imperative that best practices are followed to protect sensitive client data. While these measures should be taken year-round, CPAs typically have a larger volume of sensitive data during tax season and, therefore, are more vulnerable to cyberattacks at this time. The reason is simple: A CPA’s computer is a target-rich environment for sensitive data like names, Social Security numbers, addresses, driver’s license numbers, salaries and earnings, bank account numbers, credit card data, medical history, and other information, all of which can be monetized. So, how can you make sure would-be thieves don’t get their hands on any of it when you’re working from home?

Steps Firm Leaders Should Take to Prevent Cyberattacks

As the firm’s leader, make sure you have official company protocols and policies for protecting client and other sensitive data. Typically, this involves having cloud and on-premises network systems and software set up with the proper security and data protections in place, such as 2-factor authentication, strong software user passwords, use of a firm-wide VPN, adequate firewall and router protections, sensitive data encryption, software UI logging to track when sensitive data is read and accessed, and software UI masking to protect sensitive data. (In case you’re not familiar, UI masking shows sensitive data like Social Security numbers as a string of asterisks if a user lacks permission to see it and shows only the last 4 digits for those with permission.) All of these measures will make it difficult for a hacker to gain unauthorized access to your network and should be a basic part of your security strategy.

How to Protect Employees’ Devices from Breaches

Now, what about your staff members? Working from home presents a variety of challenges when it comes to data security, and how you handle it all depends on whether or not the employee is using their own device or one you gave them. If they’re utilizing a company laptop, this can easily be configured for end-to-end network security, which means they would also benefit from the security measures I described in the preceding paragraph.

But what if all those firm-wide measures are not in place, the employee is using their own computer, and they access and transfer sensitive data to and from their local PC and the firm’s servers? 

Start by securing the employee’s home Wi-Fi. Here’s what to do:

  • Log on to the home router as the Administrator by typing the router’s IP address into the URL field in a browser and pressing Enter. You will find the router’s IP address in the instructions that came with the router; it’s usually 192.1.1.168.
  • Change the router’s default name to something meaningful so you can identify it in the list of Wi-Fi names that appear when you click on the Network icon in the taskbar.
  • Next, change the Administrator default password to a strong one with 12 or more characters containing upper and lowercase letters, numbers and symbols.
  • Turn on encryption; WPA2 and WPA3 (Wi-Fi Protected Access) are the most up-to-date encryption standards. Older routers use an encryption standard called WEP (Wired Equivalent Privacy), or they will offer you a choice between the two. WEP is not as strong as WPA, so choose the latter. But you really should consider getting a newer router if WEP or WEP/WPA is all yours offers.
  • Turn off the router’s Remote Management feature, which enables a support person to remotely connect to your router. If you need that, turn it on to allow the tech to log in, but turn it off when they are done.
  • Turn on the router’s internal firewall. You may already be using a software firewall, but having one for hardware and one for software is even better.
  • Log out of the router when you’re finished making changes so no one else can access it using your open login.

Next, secure the computer by turning on the Windows Defender firewall. If you use Apple, MacBook comes with a security software equivalent that’s already on and automatically updates. Use 2-factor authentication for login password protection, and create a password according to the guidelines I laid out above. Instruct all employees to lock their computer if they walk away from it (simply hit the “Lock” button in the Start Menu). If you or a staff member is worried about forgetting to do this, you can turn on Dynamic Locking in settings. This uses the presence/absence of another Bluetooth-compatible device to lock or unlock your PC. Obviously, the device needs to be something you carry on you that will connect/disconnect from Bluetooth when you leave and return to your computer. Examples include your cell phone, tablet, headphones, and Mini MP3 or similar players. As a final note, Dynamic Locking is available on Windows 10 Pro and Enterprise but not Home Editions.
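To confirm that an employee's Windows PC actually matches the steps above, a firm can have them run a read-only check like the one below. This is an added example, not part of the original article; it assumes English-language `netsh` output and that the `EnableGoodbye` registry value reflects the Dynamic Lock setting, and it covers only what is visible from the PC (the router's admin password and Remote Management setting still have to be checked on the router itself).

```powershell
# Added example: read-only audit of a Windows PC against the checklist above.
# Assumes English-language netsh output; nothing on the machine is changed.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Check, $Status, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

# 1. Windows Defender Firewall must be enabled on every profile
#    (Domain, Private, Public). Home Wi-Fi normally uses Private or Public.
foreach ($p in Get-NetFirewallProfile) {
    $status = if ($p.Enabled -eq 'True') { 'PASS' } else { 'FAIL' }
    Add-Result "Firewall ($($p.Name))" $status "Enabled=$($p.Enabled)"
}

# 2. The Wi-Fi link in use should be WPA2 or WPA3, never WEP or open.
$wlan = netsh wlan show interfaces | Out-String
if ($wlan -match '(?m)^\s*Authentication\s*:\s*(.+?)\s*$') {
    $auth = $Matches[1]
    $cipher = 'unknown'
    if ($wlan -match '(?m)^\s*Cipher\s*:\s*(.+?)\s*$') { $cipher = $Matches[1] }
    # WEP networks report Authentication "Open" or "Shared" with Cipher "WEP".
    $good = ($auth -match '^WPA[23]') -and ($cipher -notmatch 'WEP|None')
    $status = if ($good) { 'PASS' } else { 'FAIL' }
    Add-Result 'Wi-Fi encryption' $status "Authentication=$auth; Cipher=$cipher"
} else {
    # Wired connection, Wi-Fi switched off, or non-English output.
    Add-Result 'Wi-Fi encryption' 'N/A' 'No connected Wi-Fi interface reported'
}

# 3. Dynamic Lock (assumption: stored per user as EnableGoodbye = 1).
$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$dl = (Get-ItemProperty -Path $key -Name EnableGoodbye -ErrorAction SilentlyContinue).EnableGoodbye
$status = if ($dl -eq 1) { 'PASS' } else { 'FAIL' }
Add-Result 'Dynamic Lock' $status "EnableGoodbye=$dl"

# Summary table the employee can screenshot or paste back to the firm.
$results | Format-Table -AutoSize
```

A `FAIL` on Dynamic Lock matters only if the firm relies on it instead of manual locking, and Home editions will always report it as off.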

Another best practice is to provide everyone who needs to access your system with a VPN, or Virtual Private Network. This encrypts data received and transferred to and from a computer that’s part of the network. There are many to choose from, but you should only consider ones that say they do not log user activity. I recommend ExpressVPN, which has been around long enough for users to trust it and (at least so far) operates well and quickly. I haven’t had any trouble connecting to various URLs, which has been a problem with other VPN products. It’s also relatively inexpensive. If you’re seeking something free, try Securepoint SSL VPN, which is feature-rich and based on the very sound and widely used OpenVPN Project.

In the second part of this series, I’ll discuss encryption, which is another crucial security measure that will save you and your clients a lot of grief.
