9 Tips to Help You Protect Your Practice From Cybercrime

It only takes one employee to jeopardize your company’s cybersecurity.

In news release IR-2018-170, the IRS has advised tax professionals to increase their security measures due to a 30% increase in reports of data thefts from last year.

Below are some tips from the IRS and its Security Summit to help you protect your practice from cybercrime:


  1. Before you hire a new employee who will be dealing directly with client information, conduct a background check and make sure they sign a confidentially agreement. Also ensure that they understand how to handle client information so that there is no breach in a client’s privacy.
  2. Try to limit how much contact an employee will have with your client’s information. Only give employees the minimal access they would need to complete their job.
  3. Make sure that your employees are using strong passwords, with at least 8 characters. Passwords should have both upper and lower case letters, numbers, and symbols.
  4. Require your employees to have a setting on their computer that will automatically lock their screen after a period of inactivity. This will require them to input their password once they are back on their computer. Also make sure that employees have software installed on their devices that will protect them from viruses, spyware, and other unauthorized intrusions.
  5. Employees should store computers and other electronic devices carefully and securely when they are not in use to minimize the amount of people that come into contact with those devices.
  6. Train your employees to lock rooms and filing cabinets where client records are stored. Make sure that if your employees are sending or storing client information electronically, all information is encrypted.
  7. Teach your employees to report all suspicious behavior online as a precaution.
  8. Ask your employees to avoid using public wifi networks when they are using a device that has client information on it.
  9. If an employee is no longer working for you, delete their user accounts on all platforms to prevent the risk of hacking and leaking client information.


What do you do to ensure that your client’s data is safe? Leave your tips in the comments below!