
Is Your Client Data At Risk?

Know Your Risk, and How to Protect Yourself

Tax Docs Are An Identity Thief’s Dream

  • Social Security Number
  • Employers
  • Financial Information
  • Addresses
  • Employer Identification Number

Personally Identifiable Information to the extreme

What They Do With The Data

  • Steal your identity
  • Access your funds
  • Forge your tax return and get your refund (IRS estimates 21 billion in 2016)
  • Get medical care (treatments, equipment, Rx)
  • Increase your premiums
  • Tarnish your record

and you get the bills

How Most Docs Get Compromised

Social Engineering

A method of tricking people into giving up credentials or sensitive information

Risk

Very common and highly effective way of getting your sensitive info.

Could come in the form of:

  • A phone call from a manager, client, service provider
  • An onsite visitor in disguise

Studies show 80+% success rate

Defense

Assume any stranger asking for information about you is up to no good!
  • Challenge and verify ID of requestor
  • Don’t give confidential info (SS#) just because they ask.

TIP: Most legitimate requests for information don’t come by phone.

Phishing

A digital equivalent of social engineering

Risk

Phishing is a form of social engineering that happens online.

Could come in the form of:

  • An official-looking email asking for info.
  • An invitation to click on a link to a phony site where you’re asked for your username and password.

Defense

Trust no one!
  • Assume unsolicited email is fraudulent; don’t follow links in email.
  • Look at the URL and verify the site is using SSL with a valid certificate.

TIP: If you’re asked to log in to a site, don’t go there from email—just type in the web URL.

Physical Access / Shoulder Surfing

Getting access to your data can be as simple as looking over your shoulder, or walking into your office

Risk

Your data is at risk if others can access your:
  • Hard copies of documents.
  • Computer (do you have a post-it note with your password on it?)
  • Screen by looking over your shoulder.

Defense

Control your physical space by using:
  • Keys, badges, and strict visitor policies.
  • Locked file cabinets for hard copies of documents.
  • Privacy screens and confidential passwords to protect your computer.

Expired Access

Vulnerabilities arising from granting more access than is needed, like disgruntled employees who haven’t been removed

Risk

Most attacks are inside jobs. Consider who has access to your systems and information:
  • Have all former employees been removed from your systems?
  • What about contractors, vendors, or even customers who no longer need access?

Defense

Establish an info security policy:
  • Strictly enforce rules about who can access what.
  • Follow the principle of least privilege: only give people the minimum access they need to do their jobs.
  • Discontinue access when no longer needed.

Dumpster Diving

Obtaining sensitive info by accessing your physical trash

Risk

Inappropriate disposal of data such as:
  • Paper documents containing sensitive info.
  • Backup disks / tapes.
  • Hard drives that can be easily restored.
  • Old mobile devices that aren’t protected.

Defense

Clear, Purge, and Destroy physical data:
  • Cross-cut shred paper documents to 1x5mm.
  • For disks, drives, and other devices, clear the format, purge the data, and destroy the media itself.

TIP: Smashing hard drives can double as a fun way to blow off steam!

Vulnerable Machines

A computer with a security vulnerability is bait for attackers

Risk

Unprotected machines are at risk of:
  • Malware / viruses that corrupt or spy on data.
  • Keyloggers that track your keystrokes.
  • Ransomware that holds your data hostage for a fee.
  • Brute forced access to your accounts.

Defense

Protect your machines by:
  • Keeping your OS and apps up-to-date.
  • Using a firewall and updated antivirus software.
  • Picking and rotating strong passwords.
  • Avoiding phishing scams by not clicking links in email.

TIP: Using a password manager app is a secure and easy way to create and manage complex passwords.

Vulnerable Networks

Data is vulnerable on open, unencrypted networks

Risk

Unprotected networks are at risk of:
  • Network sniffers that allow attackers to read network traffic.
  • Wireless sniffers that capture unencrypted WiFi traffic.

HINT: Starbucks WiFi is an attacker’s playground.

Defense

Secure the local connection, server connection, and the data itself.
  • Only use password protected WiFi, and don’t join random hotspots.
  • Use a VPN to connect to your office, and SSL to connect to the Web.
  • Don’t email sensitive info—use a secure portal like SmartVault.

PROTECT YOURSELF, YOUR BUSINESS, YOUR CLIENTS

  • Take the steps above to assess your risk.
  • Shore up your vulnerabilities by putting a security policy in place.
  • Train your staff and your clients on how to protect themselves.
  • Use your leadership position with clients to discourage them from using email to send sensitive data.

PRO TIP

SmartVault is secure document storage and file sharing that can help defend against vulnerable networks and machines.

It gives accountants a secure and easy way to store, manage, and exchange files with clients.
