2016 Office System Security Checklist
Protect your practice and don’t be a target of hackers. Review these 20 tips and implement them in your firm to keep client information safe and secure.
Tax preparer offices are now becoming the focus of hacker attacks. The following security checklist provided by TaxSpeaker is from their 2016 technology and security classes and provides very useful information to protect your practice and your clients’ information.
| OFFICE SYSTEM SECURITY CHECKLIST | Complete |
| 1. Encrypt all hard drives on all machines with confidential data | |
| 2. Turn off systems at night, weekends and vacation (n/a-servers) | |
| 3. Reboot computers as you leave for appointments & lunch, logging back in when you return | |
| 4. Require passwords to access the start screen on all smart phones, tablets and laptops | |
| 5. Establish a password with 8 characters of letters, numbers and wildcard character, memorize it and do not share it; and utilize DashLane password software | |
| 6. Install and update an antivirus/anti-phishing and firewall security suite program on all systems (We use & recommend BitDefender) | |
| 7. Implement physical security standards: power down systems when leaving, locking up portable devices, securing server rooms | |
| 8. Implement a “no-click” policy on email links | |
| 9. Restrict remote access to data by all owners and employees, implementing a written office-wide policy and VPNs rather than remote log-in software | |
| 10. Change default passwords and addresses on all devices including routers, computers, tablets, smart phones and software | |
| 11. Practice invisible client interviews: clean desks, files locked away, and computers turned off; or perform all interviews in conference rooms without computer system access. Never allow a client unaccompanied in any room with a computer or file | |
| 12. Establish written standards for work-at-home situations requiring secure rooms, no-access to computer policy except by staff, system shut down at all times when absent. See TaxSpeaker® Telecommuting policy | |
| 13. Perform employee background checks similar to banking institutions | |
| 14. Redact all client SSN’s, firm EFIN & personal PTIN on all documents | |
| 15. Never provide a client or outsider with Wi-Fi access in your office | |
| 16. Never, ever use public Wi-Fi including planes, airports, restaurants unless through a secure VPN or using encrypted email | |
| 17. Accept client data only by portal upload, physical visit or surface delivery | |
| 18. External mail boxes and drop off areas must be locked and secure | |
| 19. Change Wi-Fi and all logins upon dismissal, retirement or job change of an employee | |
| 20. Implement, educate and enforce a company-wide computer/internet use policy. See TaxSpeaker® Computer/Internet Use policy |
This checklist was provided by:
