Bloomberg Tax
Free Newsletter Sign Up
Bloomberg Tax
Advanced Search Go
Free Newsletter Sign Up

How Finance Professionals Can Keep Data Protected All Year Long

May 9, 2022, 8:45 AM

Although finance is often called an “all about numbers” profession, in truth, the success of tax and accounting professionals depends on the relationships they build, whether that’s with clients or colleagues. A relationship built on trust and mutual respect can ensure easy collaboration, productivity, and success for years to come.

How, then, should a finance professional begin to build these effective relationships? PwC’s 2021 Trust in U.S. Business Survey found that 62% of consumers believe “protecting data and cybersecurity” is a foundational element of trust. In other words, most people cannot trust a professional or organization that puts their sensitive data at risk. In fact, four in five consumers decide who to do business with based on a company’s reputation for data security. And the same would switch brands after a bad experience.

Despite this finding, financial organizations struggle with data protection, a problem that has only worsened during the Covid-19 pandemic. Shred-it’s 2021 Data Protection Report revealed that 52% of financial organizations have experienced a data breach, up 21% from the previous year. And while most financial services organizations understand the risks of poor data security, only 43% of them perform regular infrastructure auditing. Even fewer (38%) perform regular vulnerability tests. By not taking adequate action to prevent data breaches, financial organizations and professionals not only leave themselves vulnerable to legal action but also erode the trust they have with their clients and colleagues.

Tax and finance professionals often have access to their clients’ most sensitive information, including Social Security numbers, financial history, birth certificates (for new parents), and credit card information. To keep this information safe throughout the year and maintain a strong relationship with their clients, tax professionals should follow the following five steps:

1. Ensure Safe Storage of Information Throughout the Tax Preparation Process

Financial records and documents are a minefield of personal information. Professionals should store confidential paper documents, including receipts, credit card information, and forms that include a Social Security number or federal tax ID number, in a locked drawer until needed. If files are stored electronically, they should be housed in a protected computer (or network) that has cybersecurity measures in place, such as logical access controls, encryption, and monitoring/alerting capabilities.

Further, if tax preparers collect financial information from their clients electronically, then they must avoid doing so via email, which is not a secure data transfer method as distribution is difficult to control. Rather, tax professionals should offer a secure portal where clients can upload documents, which provides greater control over access, and files can be easily purged once the work is complete. When feasible, financial firms should also implement two-factor authentication, as a 2019 Microsoft report found that it significantly reduces the chances of a data breach.

Tax and financial organizations should also follow a clean desk policy—securely storing sensitive paper and electronic information when employees leave their workspaces—to prevent confidential data from getting into the wrong hands. Clean desks policies are not only crucial within office buildings but also in remote work settings, as another household member or guest could take or mistakenly throw away documents with sensitive information.

2. Watch Out for Tax Scams and Other Threats

The IRS continues to see fraudulent schemes, where dishonest people prey on individuals and businesses by tricking them into sharing confidential financial information or doing something illegal. Tax fraud happens so frequently that the IRS has created an annual list of the “dirty dozen” schemes for which the public should be watching out.

Fraudsters and other bad actors may also target tax organizations to try and gain access to their confidential information. Cyberattacks against large and small businesses alike continue to rise. In 2021 alone, hacking groups accessed the systems and confidential information of large companies including T-Mobile, Colonial Pipeline, JBS, and others. Many of these hacks began with a simple phishing email or compromised password. Companies that train staff to recognize these fraudulent emails and other common hacking tactics can better prevent data breaches and safeguard sensitive information.

3. Determine What Should Be Kept Once Taxes Are Filed

Finance professionals do not need to keep their clients’ tax information forever. In fact, keeping unneeded documents can increase vulnerability and risk. To save both physical and digital space and reduce the chances of a data breach, tax professionals should understand which documents should be saved and which should be discarded.

After filing an individual’s taxes, the IRS recommends saving any “evidence” that supports income or deductions and credits on the tax return, copies of tax returns from previous years, and essential records, such as birth and death certificates, citizenship papers, and marriage licenses.

On the other hand, the IRS recommends disposing of documents that no longer serve a purpose during tax season or any other period, including sales receipts, pay stubs, paid-out loan documents, and any paper that has been converted into a digital record. If a document does not specifically affect a person’s tax status or is not essential for future tax filings, it can and should be disposed of securely.

4. Properly Dispose of Old Tax Records and Other Unneeded Documents

Preventing data breaches does not end with determining which documents to discard; it is also important to dispose of those unneeded documents securely. Disposing of paper documents with confidential information in the garbage or recycling bin can increase the risk that someone will steal the information and use it for identity theft or other illegal purposes.

Shredding is one of the best ways to securely dispose of paper documents, and working with a professional document destruction service can help ensure that the shredding process is thorough, reliable, sustainable, and consistent with applicable data protection laws.

5. Communicate Actions

Clear communication and transparency are fundamental elements of strong, beneficial relationships between tax and finance professionals and their clients. It may be helpful to discuss security policies with clients during a meeting or outline them in an email. By proactively communicating these efforts, finance professionals and organizations show that they prioritize the protection of their clients’ personal data and lay the groundwork for trustful and effective relationships.

The stakes of a data breach are higher than ever, especially for tax and finance professionals. Taking these actions to protect confidential data is not only more efficient and cost effective than managing the aftermath of a data breach but can also protect the trusted relationship between finance professionals and their clients.

This article does not necessarily reflect the opinion of The Bureau of National Affairs, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Michael Borromeo is the vice president of data protection at Stericycle. He has over 23 years of broad and diversified experience in the fields of privacy and cybersecurity.

We’d love to hear your smart, original take: Write for Us