[IMGCAP(1)]Could those Form 4868 extensions that you’re filing for your clients turn tax procrastinators into prey?
These sensitive documents include personal information such as Social Security numbers, income and banking details and more—making them an appetizing addition to April’s cybertheft menu and a privacy compliance exposure.
If this important data falls into the wrong hands—whether through a recipient email address typo or a cyberattack—it could potentially lead to falsified tax returns and other identity theft risks, keeping hard-earned money out of deserving individuals’ and companies’ accounts—and in the pockets of the cybercriminal or identity thief instead.
In today’s collaborative, “always on” environment, file sharing employing multiple methods, users and devices is pivotal to any organization’s success. The majority of tax extension documents will be sent around internally between accountants—and externally for their clients’ review—likely over insecure email servers.
But in the rush to get these forms approved and submitted, it’s critical to remember that once a file leaves a protected network or application repository, there’s no control over its use. Furthermore, as consumers and on-demand accounting staff increasingly use personal mobile and storage devices, they also introduce unauthorized disclosure risks.
The result is that as hackers become more sophisticated and online fraud increases, financial institutions, especially accounting firms during tax season, are increasingly challenged to keep client data safe. Furthermore, evolving local and global standards to comply with industry and regulated data protection specifications, such as PCI-DSS, SB-1386 GLBA and FINRA, require due care with personal identifiable information (PII) and financial records. Failure to comply can lead to monetary losses, penalties and damage to a reputation or brand.
Incidents involving the loss of PII are disturbingly common. The 2015 State of File Collaboration Security report by Enterprise Management Associates revealed that 80 percent of IT and information security professional survey participants were aware of data leakage incidents in their organizations, and 50 percent experienced frequent incidents. The survey cited inappropriate file sharing with others inside the organization, with those outside the organization, and through malware and hackers as the most likely causes of data leakage.
Financial services firms need solutions that not only thwart hackers and insider threats, but also protect information in the event files are exposed by inadvertent emails, lost portable storage devices or undocumented transfers. The best approach to prevent data leakage this tax season—and year round— is to secure sensitive files through strong encryption and usage control the moment they’re destined to be shared.
Today’s most advanced file security platforms allow security to remain persistent wherever a document goes and across all communication channels, including email, cloud and even client computers. These platforms allow the file owner to apply file encryption and usage controls (e.g. view, duration, edit, save, watermark and print) locally in an intuitive interface and prior to sending a file to a recipient.
The resulting secured file can be stored, sent and shared using existing methods from email and uploaded to a USB thumb drive. What distinguishes a file collaboration solution is the capability to easily and transparently enforce security after the file leaves the owner’s hands and according to necessary policy. This protection persists with authorized and unauthorized recipients, enabling business while closing data leakage gaps.
For instance, if an unauthorized recipient tries to open the file, the solution will deny decryption and log the illicit attempt details. The file owner can also dynamically modify recipients and permissions, and can do so directly or by request from an authorized recipient. Finally, if the file owner decides to remotely delete the file, the security platform will revoke all permissions, block any decryption attempts—and even automatically delete the file on the unauthorized recipient’s system.
Why expose your procrastinating customers as prey to hungry hackers? Better yet, enable business by showing your clients enhanced data protection capabilities. New persistent file security tools make it possible to keep your customers’ trust and preserve your reputation, even during the tax extension rush.
Scott Gordon, COO of FinalCode, Inc., has helped evolve security and risk assessment technologies at both startups and large organizations. An infosec authority, speaker and writer, he is the author of Operationalizing Information Security and the contributing author of the Definitive Guide to Next-Gen NAC. Scott holds CISSP-ISSMP certification.
Register or login for access to this item and much more
All Accounting Today content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access