In Pursuit of Profit
The IRS lays out a set of six best practices that tax professionals must abide by to protect taxpayer data, referred to as the “Security Six.”
While the phrase Security Six applies specifically to tax accountants, tax preparers, and tax auditors, anyone can (and should) follow these same safeguards with sensitive data. Additionally, if you are outsourcing your financial functions to a third-party bookkeeper or accountant, they should be taking these precautions on your behalf as a component of your overall cyber security strategy.
Ask yourself what kind of security measures you have in place to protect your financial information and your customers’ information. How many of these Security Six protections are you using right now?
1. Firewalls
Firewalls shield both individual computers and the entire network against malicious traffic. Firewalls are fairly ubiquitous these days, but having an experienced systems administrator or Security as a Service (SECaaS) company managing your firewall is just as important as the wall itself.
2. Anti-Virus Software
A good firewall creates a layer of cyber defense around the business, while anti-virus software is designed to catch anything harmful that makes it through. Automated scans look for malicious software that has been put onto a computer or that is trying to get onto the network. Anti-virus software is your best protection against malware because it is updated constantly to protect you against not only the most common types of threats but also the newest threats as they develop.
3. Multi-Factor Authentication
Two-factor authentication typically requires something that is known and something that is owned (like a password and a phone) to gain access to sensitive data. However, it can also be designed to back up an individual password by requiring a company security code that changes frequently. Either way, the result is a much stronger layer of protection than a simple password.
4. Backups
Critical files and data should be backed up regularly. Scheduling backups to happen automatically ensures that your most recent data is always protected from accidental or malicious loss. Back up data both on-site and off-site to create redundancy. Backing up to the cloud allows for maximum retrievability in the event of a disaster.
5. Disk Encryption
Disk (or drive) encryption turns sensitive data on computer hard drives into unreadable files so that unauthorized users cannot access it. This protects financial data on the computer both from malicious breaches and from loss or theft of the device.
6. VPN
A VPN (Virtual Private Network) establishes an encrypted tunnel for data to move through with reduced risk, providing a way for employees to access and transmit sensitive data remotely using a secure connection. With more employees working remotely, VPNs ensure that data remains safe whether employees are working from home, the road, or the office.
7. BONUS: Internal Controls
While the IRS does not include implementing internal controls in their recommendations, they are critical for mitigating all types of financial risk. Your accountant should implement the following controls to protect sensitive data:
If you skip any of these safeguards or if any of these measures fail, your financial security can be breached. Do you know what to do if your tax data is compromised by a hacker?