Data security doesn’t only depend on the platform but your processes as well, so what is your plan this year to help prioritize cybersecurity?
If we’ve learned anything from data breaches and flat-out attacks, no platform that exists today is 100 percent secure; there’s only what’s comparatively safer. We’re in a connected world, and thinking that housing everything on your own servers and expecting desktop applications will save you, it won’t, despite cloud-related incidents getting all the press.
The most recent example of a security alarm in the accounting space came this past week with TaxDome, a bit of a rising star in the practice management space among tax pros and accounting professionals alike. However, like many tech companies, they are not impervious to breaches, which is what happened.
Whether it was by human error or something more nefarious, by all accounts, it was brief, and the issue was ‘corrected” quickly. This was not before setting off a firestorm of worry among new and existing users.
What happened was all users that used TaxDome’s Tags feature had their data temporarily accessible to every other user on the platform via the Reporting feature. This was not long after their Signature requests apparently let anyone with that link view social security numbers on a document.
From a PR perspective, one could say, “damage done,” users lost, never using it again, and lots of finger-pointing at cloud platforms not being safe. Once again, the fact is, no platform is 100%, and it’s all about how a company, and especially your firm, if/when a data security issue happens, responds.
Each year it seems some high-profile event happens around Tax Season, either an outage, a breach, or some other related matter causing both platform owners and users alike to scramble. The point is to focus more on what you can control and not lose your mind or your faith in your investments or technology in general when things go wrong.
You made investments in technology for a reason. Do yourself a favor and don’t pack it all in when there’s a problem, or you don’t like how a company handled a situation.
Have a plan of your own. For a growing number of firms, that means having a WISP (Written Information Security Plan); in fact, some states require it. Whether you have one or not, you do need to have some plan in place that spells out how you respond to any security issue that impacts your business or your clients. It’s not even a nice-to-have or should-have; being in the data business in the connected age it is a must.
To me, there is a lesson here. Not just with the TaxDome issue, but with any that have happened before and any that will come (and they will). I still speak to too many firms that treat data security, and having a plan for it, like people treat natural disasters. They’re not going to worry about it, or do much about it, until it happens to them, or “someone they know.”
Today, entering the 2nd quarter of the 21st century, that is the wrong approach and a potentially dangerous one to boot. In short, good people of the accounting profession, tax pros in particular, go into this season, this year, knowing what to do if and when a data security issue happens either internally or with one of your providers. Your staff, and your clients, will thank you for making it a priority.