As a tax professional, you are obligated to protect your clients' personal and financial information. However, that is becoming increasingly difficult as cybercriminals become more sophisticated with their plans and specifically target financial professionals because you have so much valuable, sensitive information. We're sharing some tips to help you prevent tax identity theft as a CPA.
Tax identity theft in emails
Hackers and cybercriminals often use email (or attachments within emails) to steal data. The most common methods are:
- Email spoofing, where the sender will forge someone's exact name and email address or a similar name impersonation to resemble a trusted source such as a client or even the IRS.
- Executive fraud, where a cyberattacker will impersonate a department head or even company leader to gain sensitive information from employees. This is much more common in large organizations where employees may not know the head of HR or the CFO and will send data, not realizing the sender is an imposter.
- Spoofing a realistic looking website link within an email, and when the individual clicks on the link, the attacker can gain information and data.
- Using malware in an attachment so when the attachment is opened, the virus or spyware can enter the network.
Even though criminals continually update and hone their methods, you can prevent tax identity theft from your emails with these steps:
- Use an anti-phishing software that will detect and remove phishing attempts before they even reach your inbox
- Scroll over the sender and any links within the email without clicking. Look at the text that is visible and check for any misspellings or errors
- Never open attachments from a source you don't recognize
Most importantly, if you receive an email requesting personal client information, whether it's internal or external, reach out to the individual via phone or internal messaging (like Slack or Teams) and see if they made the request.
Follow strong password procedures
We know you have a lot of passwords to keep up with, both professionally and personally, and it's easy to use the same one for everything and also let your web browser save your passwords. But these practices are very risky, and if you want to prevent tax identity theft as a CPA, you need to prevent hackers and criminals from getting your passwords. Some best practices include:
- Run a password monitoring or management tool, like Keeper to determine if any passwords used by you or your firm are compromised
- Create strong passwords that include capital letters, numbers, and special characters (not just Password1, either!) for computers and wireless devices
- Don't use the same password for everything
- Don't keep your passwords in plain view, like on a post-it note on your monitor.
- Change your passwords at least once each quarter
Protect outgoing information to prevent tax identity theft
As a CPA, you have to send out your clients' sensitive data, often to the IRS, or even to your client. During transfer, make sure that data is protected and secure.
- Don't transmit data or log into company files or platforms on an open wi-fi source, like a coffeeshop's wi-fi. If you have to use a public or open source, use a virtual private network (VPN) to protect your information.
- Encrypt all sensitive files and emails
- Make sure your software and operating system is regularly updated as outdated software often has gaps and vulnerabilities that can be exploited.
Stay up to date on cybersecurity for CPAs with Becker's CPE
We can help you prevent tax identity theft and protect your clients' information with cybersecurity CPE courses. Our experienced instructors will walk you through what you need to know, from protecting your data to providing guidance and advice to your clients on security issues related to their taxes and finances.
