
Is Your Client Data At Risk?

Know Your Risk, and How to Protect

Tax Docs Are An Identity Thief’s Dream

  • Social Security Number
  • Employers
  • Financial Information
  • Addresses
  • Employer Identification Number

Personally Identifiable Information to the extreme

What They Do With The Data

  • Steal your identity
  • Access your funds
  • Forge your tax return and get your refund (IRS estimates 21 billion in 2016)
  • Get medical care (treatments, equipment, Rx)
  • Increase your premiums
  • Tarnish your record

and you get the bills

How Most Docs Get Compromised

Social Engineering

A method of tricking people into giving up credentials or sensitive information

Very common and highly effective way of getting your sensitive info.

Could come in the form of:

  • A phone call from a manager, client, service provider
  • An onsite visitor in disguise

Studies show 80+% success rate



Assume any stranger asking for information about you is up to no good!

  • Challenge and verify ID of requestor
  • Don’t give confidential info (SS#) just because they ask.

TIP: Most legitimate requests for information don’t come by phone.


Phishing

A digital equivalent of social engineering

Phishing is a form of social engineering that happens online.

Could come in the form of:

  • An official-looking email asking for info.
  • Invite to click on a link to a phony site where you’re asked for username and password.

Phishing Defense


Trust no one!
  • Assume unsolicited email is fraudulent; don’t follow links in email.
  • Look at the URL and verify the certificate is using SSL.

TIP: If you’re asked to log in to a site, don’t go there from email—just type in the web URL.

Physical Access / Shoulder Surfing

Getting access to your data can be as simple as looking over your shoulder, or walking into your office


Your data is at risk if others can access your:
  • Hard copies of documents.
  • Computer (do you have a post-it note with your password on it?)
  • Screen by looking over your shoulder.

Physical Access / Shoulder Surfing Defense


Control your physical space by using:
  • Keys, badges, and strict visitor policies.
  • Locked file cabinets for hard copies of documents.
  • Privacy screens and confidential passwords to protect your computer.

Expired Access

Vulnerabilities arising from granting more access than is needed—like disgruntled employees who haven’t been removed


Most attacks are inside jobs. Consider who has access to your systems and information:
  • Have all former employees been removed from your systems?
  • What about contractors, vendors, or even customers who no longer need access?

Expired Access Defense


Establish an info security policy:
  • Strictly enforce rules about who can access what.
  • Follow the principle of least privilege—only give people the minimum access they need to do their jobs.
  • Discontinue access when no longer needed.

Dumpster Diving

Obtaining sensitive info by accessing your physical trash


Inappropriate disposal of data such as:
  • Paper documents containing sensitive info.
  • Backup disks / tapes.
  • Hard drives that can be easily restored.
  • Old mobile devices that aren’t protected.

Dumpster Diving Defense


Clear, Purge, and Destroy physical data:
  • Cross-cut shred paper documents to 1x5mm.
  • For disks, drives, and other devices, clear the format, purge the data, and destroy the media itself.

TIP: Smashing hard drives can double as a fun way to blow off steam!

Vulnerable Machines

A computer with a security vulnerability is bait for attackers


Unprotected machines are at risk of:
  • Malware / viruses that corrupt or spy on data.
  • Keyloggers that track your keystrokes.
  • Ransomware that holds your data hostage for a fee.
  • Brute-forced access to your accounts.

Vulnerable Machines Defense


Protect your machines by:
  • Keeping your OS and apps up-to-date.
  • Using a firewall and updated antivirus software.
  • Picking and rotating strong passwords.
  • Avoiding phishing scams by not clicking links in email.

TIP: Using a password manager app is a secure and easy way to create and manage complex passwords.

Vulnerable Networks

Data that is vulnerable to open, unencrypted networks


Unprotected networks are at risk of:
  • Network sniffers that allow attackers to read net traffic.
  • Wireless sniffers that capture unencrypted WiFi traffic.

HINT: Starbucks WiFi is an attacker’s playground.

Vulnerable Networks Defense


Secure the local connection, server connection, and the data itself.
  • Only use password protected WiFi, and don’t join random hotspots.
  • Use a VPN to connect to your office, and SSL to connect to the Web.
  • Don’t email sensitive info—use a secure portal like SmartVault.


  • Take the steps above to assess your risk.
  • Shore up your vulnerabilities by putting a security policy in place
  • Train your staff and your clients on how to protect themselves
  • Use your leadership position with clients to discourage them from using email to send sensitive data.


SmartVault is secure document storage and file sharing that can help defend against vulnerable networks and machines.

It gives accountants a secure and easy way to store, manage, and exchange files with clients.
