When discussing data security, it’s common enough to refer to the most recent major breaches. High-profile hacks at retailer Target and insurance giant Anthem have been regular reference points lately, but it’s easy to guess that one or both of them are hoping the Internal Revenue Service will take their place as the poster child for data disasters.
In case you missed the events that put the IRS on the list of bad examples, it turns out that earlier this year determined hackers gamed the service’s online “Get Transcript” feature to steal the returns of approximately a hundred thousand taxpayers. As we went to press, the IRS had shut down the feature and was investigating, as well as offering free credit tracking for all those affected. But the interesting part to me is that the hackers had to have a lot of personalized information about those taxpayers to make their attempt in the first place — everything from home addresses to Social Security numbers.
With all that in mind, I thought this would be a good opportunity to offer a few tips on keeping all those valuable 1s and 0s safe:
- Get strong passphrases. The usual prompts to include numbers and special characters are pointless, because they leave you with an eight-to-12-character password you can never remember. Instead, create a passphrase that you can remember easily — instructions are a quick Internet search away.
- Lock down the data. Set and follow strong data protection policies, including restrictions on what can be put on thumb drives, laptops and other portable devices.
- Protect data in transmission. If your firm and your clients are ready for them, institute client portals, so you can receive source documents and other data securely — and share tax returns, financial statements and anything else clients may need in the same way. And if you or they aren’t ready for portals, at least make sure that you’re encrypting your e-mails. It’s a really simple way to protect everything you send and receive.
- Be able to destroy it. If your policies allow client or firm data to be stored on mobile devices like smartphones and tablets, make sure the “Remote Wipe” capabilities are enabled on all such devices, so they can be cleared of all data if they’re lost or stolen.
- Back it all up. This is less about preventing crime than enabling disaster recovery, but if you have your data properly backed up in a remote location, you’ll be in a much better position to deal with any sort of loss or breach.

In the end, Target and Anthem may benefit from the IRS hack by being pushed off the list of recent breaches, but you can benefit from it, too, by being kept off the list of future ones.