As an accounting professional in Canada, you’re a strong target for cyber attackers. You hold client names, addresses, phone numbers, email addresses and dates of birth that cyber criminals desire. You may also hold social insurance numbers, places of employment, annual income, health records and financial records, which command high premiums among cyber criminals. Fortunately, there are steps you can take to keep your data secure and help protect the accounting industry’s reputation.
Step #1: Properly Store Information
Client information is best kept in paper form and locked in filing cabinets. However, if you scan and convert documents into images, ensure you store them on an encrypted local hard drive or USB drive protected by two-factor authentication (2FA). If you store the information in the cloud, use a service provider that offers a minimum of 2FA. An additional option is using a secure online vault that encrypts stored documents.
Step #2: Secure Documents
When you email spreadsheets containing confidential information, always use an internal, secure system. Also, avoid downloading records or reports to a local computer that lacks at least 2FA. Although most accounting software is secure, Microsoft Excel is protected by only one password, so confidential information in a spreadsheet can be easily accessed. Similarly, although sending documents as PDF files offers an extra layer of protection, it’s not much safer unless the computer the PDF is being downloaded to has 2FA or better.
Step #3: Safely Email
Use best practices when emailing. For example, ensure your clients’ email providers support Transport Layer Security (TLS), which is stronger than Secure Sockets Layer (SSL). Also, ensure your department is trained to identify and report phishing attacks, for example by checking the originating email address and not clicking on links they’re unsure about. In addition, avoid using the last four digits of a client’s social insurance number as a password. Furthermore, rather than emailing a password for a client account, call the recipient to share the information or agree on a password during a meeting.
Step #4: Avoid Public Wi-Fi
Never use public Wi-Fi services to access or exchange confidential information. Hackers can easily access public data streams and intercept data sent in plain text. Instead, use VPN software to encrypt your connection. Also, avoid putting confidential information on your smartphone unless your phone is protected with 2FA. Because a PIN or pattern can be guessed, and face or fingerprint recognition systems don’t provide complete security, use a combination of the two methods. In addition, take advantage of remote phone locking and wiping.