CPAs Required to Follow Data Security Regulations
In December 2019 the IRS announced that it will be requiring tax professionals to have a written security plan. If your firm doesn’t have one, or you don’t know where to start, here are the first 6 requirements, and my recommendations on getting started and making sure they are done correctly.
- Train Your Staff to Recognize Phishing Emails – Phishing, as you probably know, is an email scam that attempts to trick a user into clicking a link that will redirect them to a malicious site. To better educate your users, there are user awareness programs whose focus is to educate end-users on how to identify phishing threats. An educated workforce is an important data security strategy in today’s world.
In order to get this in place, i.t.NOW highly recommends using a company called KnowBe4. Their training program delivers great information as well as tracking user progress that can be easily reported on down the road.
- Install Anti-Virus on all Workstations – Sounds super easy, right? Just make sure free Windows Essentials is running on all your workstations and you’re good…well, maybe not. The problem we commonly see is when a firm is asked to provide proof this is being done. Either they can’t do it or it takes A LOT of time tracking it all down. i.t.NOW strongly recommends implementing a centrally managed anti-virus solution so that management and attestation are quick, easy, and painless.
- Implement a Password Policy – Visit our online library to see best practices on implementing secure passwords at https://itnow.net/guide-to-strong-passwords-in-2019/.
- Encrypt all PCs and Laptop Hard Drives – If your computers are running Windows 10 Pro and they meet the minimum requirements, you can do this fairly easily and inexpensively by implementing Microsoft’s BitLocker. Warning: make sure you know what you are doing before implementing this!!! If you lose the encryption key (and it happens more than you would think), your data will be irrecoverable. If you’ve never done it, please use a professional!
- Have Data Backups – Most businesses have backups, but here are a few tips and recommendations from the pros.
  - Don’t rely on people for your backup strategy (e.g. Bob takes a disk offsite to his house once a week, or Sally manually copies files on a Friday afternoon to a backup location) because people forget, they get sick, they leave, or they go on vacation. Automate your backup strategy as much as possible.
  - Don’t Back Up Files, Back Up an Image – Making sure you can get your files is an essential part of a backup solution; however, being able to quickly restore entire systems back to normal is just as important. i.t.NOW recommends using image-based backups because they protect your files and allow you to restore systems quickly and easily.
  - Test and Monitor Regularly – Make sure your backup solution is tested regularly and reports are automatically emailed to you. We have seen businesses that assumed everything was working fine, until they needed a restore. That is when they found out their backup solution hadn’t been working for weeks, months, or even years! Getting an email a couple of times a week telling you the status of your backups can go a long way in preventing pain down the road.
- Protect Your Network with a Firewall – The key word here is “protect”. Just having a firewall plugged into your network is not enough; it should be configured properly and have security services enabled. A Russian ransomware development group named HildaCrypt listed the top 5 ways they hack companies’ networks. You can probably guess, but misconfigured firewalls were on that list. A business-class, centrally managed firewall like SonicWALL will protect your network as well as provide easy reporting and auditing for your network.
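
As an added example (not i.t.NOW’s own tooling), the PowerShell script below records each volume’s BitLocker state and whether a recovery password protector exists, which speaks to both the lost-key warning and the proof-of-compliance problem raised in the list above. It assumes Windows 10 Pro and an elevated prompt; the function name and output file name are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: per-volume BitLocker attestation record for one workstation.
# Assumes the BitLocker PowerShell module that ships with Windows 10 Pro.

function Get-EncryptionAttestation {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types present on this volume (e.g. Tpm, RecoveryPassword).
        # Only the type is recorded; the recovery password itself is never read out.
        $types = @($vol.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })

        $encrypted   = "$($vol.VolumeStatus)" -eq 'FullyEncrypted'
        $protected   = "$($vol.ProtectionStatus)" -eq 'On'
        # Without a recovery protector, a TPM or hardware failure means data loss.
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            ComputerName         = $env:COMPUTERNAME
            CheckedAtUtc         = (Get-Date).ToUniversalTime().ToString('s')
            MountPoint           = $vol.MountPoint
            VolumeStatus         = "$($vol.VolumeStatus)"
            ProtectionStatus     = "$($vol.ProtectionStatus)"
            Protectors           = $types -join ','
            HasRecoveryProtector = $hasRecovery
            Compliant            = $encrypted -and $protected -and $hasRecovery
        }
    }
}

$report = @(Get-EncryptionAttestation)
$report | Format-Table -AutoSize

# Hypothetical file name; collect these CSVs centrally as attestation evidence.
$csv = ".\bitlocker-attestation-$($env:COMPUTERNAME).csv"
$report | Export-Csv -Path $csv -NoTypeInformation

# Non-zero exit lets a scheduled task or management tool flag the machine.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
```

A `True` in `HasRecoveryProtector` only shows that a recovery password exists on the volume; it does not show that a copy has been stored somewhere off the machine, so that still needs to be confirmed separately.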
These are 6 requirements on our list – if you are interested in the other requirements, you can find them below or reach out to i.t.NOW for assistance.
i.t.NOW offers IT support services that are designed to automate many of these requirements for you, as well as provide world-class IT support. Our goal is to make IT easy. If you are interested in more information about i.t.NOW, contact us at (801) 562-8778 x 2 or firstname.lastname@example.org