Last week, the transformer supplying power to the downtown area went down during a particularly nasty thunder storm. After gathering my things and cranking the truck, I braced myself: there were no working traffic lights for several blocks, and my way home was littered with four-way stops. To my surprise, the other drivers weren’t just orderly; they were taking more precaution than usual.
It made me think about the role that developing good habits plays in preventing panic. Traffic lights might be the automated security systems that keep us from crashing during our daily commutes, but the four-way-stop procedures we learned during driver’s education are back-up, active security measures. Translating that to a tax office means thinking about the automated systems and security habits needed to prevent catastrophic data loss.
“By failing to prepare, you are preparing to fail.” – Benjamin Franklin
Security programs are a great analogue for traffic lights: these programs run in the background, automatically identifying common threats and blocking unwanted access to your systems.
If you’re a hands-on kind of person when it comes to tech and want to save a few bucks, then you might consider building your own custom security suite (this is what I’ve done, and I lovingly refer to my ragtag collection of free software as the “Not-That-Norton Security Suite”). That being said, not everyone has the time (or patience) to micro-manage their security software. And when you couple the time savings with having customer support, those commercial suites begin to sound really appealing.
Whichever way you end up going, make sure to at least have the following programs: antivirus, anti-spyware, and firewall software.
Antivirus software is probably the most recognizable, broadly understood security software available. Antivirus programs usually provide manual (or scheduled) virus scans and background prevention while you surf the Internet, and they can be standalone programs or come as part of a larger suite of products. Just make sure to keep your antivirus up to date: it can’t block viruses that it hasn’t been taught to identify.
Anti-spyware is often included in security software suites, and its primary function—as the name implies—is to stop spyware from tracking your online activity and causing significant system slowdown. According to a ZDNet article by Suzi Turner, there’s disagreement about whether cookies are considered “spyware” in the traditional sense, but everyone agrees that Trojans and other similar forms of malware qualify. Regardless, having anti-spyware installed is another hurdle for bad actors who want to either get their hands on your data.
At first blush, firewall software sounds a lot like an antivirus program: you run one to block potentially malicious traffic. The key difference? Antiviruses are dedicated to dealing with viruses; firewalls moderate traffic coming to and from your computer, and they can even be used to determine which programs can access the Internet—for example, I recently had to fiddle with my ISP-provided router’s firewall to give my Nintendo Switch access the Internet. If you’re starting to worry that you aren’t running a firewall right now, don’t: even if Windows Defender isn’t turned on, your router should have one built in.
”The best laid schemes o’ Mice an’ Men / Gang aft agley…” – Robert Burns
It should go without saying, but no plan is perfect. While my route was fortunate to not have any accidents, I did spy an ambulance heading in the opposite direction. As with the loss of traffic lights, everyone immediately knew what to do. Drivers in front of it pulled over, so EMS could more quickly reach the people in need of medical assistance. Data security similarly requires you develop habits that are second nature.
Don’t Click Links
Phishing scams are old hat, but they still ensnare victims every year. If you’re not expecting a specific email that’s asking you to click an embedded link or visit a linked website, then you should let those sleeping dogs lie. Honestly, all links should be treated with distrust: otherwise legitimate correspondence could be compromised. That’s why looking into client-facing portals for transmitting sensitive data are becoming more common.
Update All Applications
Look, we all get it. Windows updates often come at inopportune times and can disrupt your workflow. Here’s the thing: would you rather lose ten minutes or ten years of productivity? If your system gets infected with ransomware due to procrastination, clients probably won’t be as willing to trust your business with their sensitive information. Word of mouth can cut both ways.
Learn to Deal with Viruses and Data Breaches
If you suspect a computer is infected and it’s connected to the same router as other devices in your office (and in 2018, it probably is), you need to immediately unplug it from the network—viruses are sometimes designed to infect their neighbors. Next, run a virus scan. If the computer is infected and your antivirus or IT department can’t remove it, then the machine will probably need to be reformatted and restored via backup.
In fact, a secure backup—whether a third-party service or portable hard drive—is an excellent tool for dealing with a data breach. Ransomware in particular tries to hold your files hostage until the scammers receive payment from victims. If you’re not worried about losing the data, then the cybercriminals lose part of their leverage. The problem, of course, is that they now have access to all your files. That means notifying clients of the incident and trying to deal with the fallout.
Remember, tax professionals don’t just have to worry about the personal financial impact that comes with being a victim of tax-related identity theft. If cybercriminals get their hands on your tax prep credentials and client records, taxpayers who have done business with you will need to secure their credit information.
Ryan Norton, Contributor