When accountants ask IRS compliance providers if their site is secure the answer will always be “Yes,” leaving them less than enlightened on the accuracy of that answer.
Accountants are rightly more concerned than ever about the security of their clients' data in the cloud. Below are five specific questions and the ideal answers that will help you assess the security of your online providers.
1. How do they manage their servers and where are they located?
Ideal answer: AWS, Google, Azure or other managed cloud provider with physical protection and excellent reputation. If your provider sets up and manages their own servers in a 'server farm,’ this has the potential to be less secure since it adds a lot more complexity to your IRS provider's workload.
2. What operating system is used on their servers and how often is it updated for security patches?
Ideal answer: The most important thing is that the provider actually has a regular security update procedure. General security patches should be updated weekly. Major security issues should be updated as soon as the patches are issued, which could be same day. The two major operating systems used are either Windows-based or Linux-based. We recommend the Linux-based systems, but a well-maintained Windows system is fine. Again, it's the regularity of the updates that are most important.