2016 Office System Security Checklist

Protect your practice and don’t be a target of hackers. Review these 20 tips and implement them in your firm to keep client information safe and secure.

Tax preparer offices are now becoming the focus of hacker attacks. The following security checklist provided by TaxSpeaker is from their 2016 technology and security classes and provides very useful information to protect your practice and your clients’ information.

1. Encrypt all hard drives on all machines with confidential data
2. Turn off systems at night, on weekends and during vacations (does not apply to servers)
3. Reboot computers as you leave for appointments & lunch, logging back in when you return
4. Require passwords to access the start screen on all smart phones, tablets and laptops
5. Establish a password with 8 characters of letters, numbers and a wildcard character; memorize it and do not share it; and use Dashlane password software
6. Install and update an antivirus/anti-phishing and firewall security suite program on all systems (we use and recommend Bitdefender)
7. Implement physical security standards: power down systems when leaving, lock up portable devices, and secure server rooms
8. Implement a “no-click” policy on email links
9. Restrict remote access to data by all owners and employees, implementing a written office-wide policy and VPNs rather than remote log-in software
10. Change default passwords and addresses on all devices including routers, computers, tablets, smart phones and software
11. Practice invisible client interviews: clean desks, files locked away, and computers turned off; or perform all interviews in conference rooms without computer system access. Never allow a client unaccompanied in any room with a computer or file
12. Establish written standards for work-at-home situations, requiring secure rooms, a policy of no computer access except by staff, and system shutdown at all times when absent. See the TaxSpeaker® Telecommuting policy
13. Perform employee background checks similar to banking institutions
14. Redact all client SSNs, firm EFIN and personal PTIN on all documents
15. Never provide a client or outsider with Wi-Fi access in your office
16. Never, ever use public Wi-Fi, including on planes and in airports and restaurants, unless through a secure VPN or using encrypted email
17. Accept client data only by portal upload, physical visit or surface delivery
18. External mail boxes and drop off areas must be locked and secure
19. Change Wi-Fi and all logins upon dismissal, retirement or job change of an employee
20. Implement, educate and enforce a company-wide computer/internet use policy. See TaxSpeaker® Computer/Internet Use policy

This checklist was provided by:

