The Security Summit is acutely aware that many Americans have been working from home due to coronavirus-related safety precautions taken by local authorities and businesses. Following a rigorous data security plan is a cornerstone of any sound business strategy, and that need is amplified whenever digitally transmitting and receiving sensitive financial information—especially if those data exchanges are routine.
This week, the Summit is raising awareness of Virtual Private Networks (VPNs) as part of their ongoing “Working Virtually: Protecting Tax Data at Home” campaign. Despite being the halfway point of the five consecutive weekly outreach events, tax professionals may be the least familiar with this particular topic. (I was pretty murky about VPNs prior to regularly writing about data security, so don’t feel alone if you need an explanation!)
How does a VPN protect my data?
Virtual Private Networks protect against cyberattacks by encrypting your online traffic. Whether you describe Internet connections as “tunnels,” “highways,” or “a series of tubes,” the analogy tends to leverage familiar interconnected systems. When the IRS explains that a VPN establishes an “encrypted tunnel” for remotely accessing your office network, they’re simply saying that the transmitted data is unreadable to people who don’t have the software equivalent of a decoder ring.
The Security Summit warns that “failure to use VPNs risks remote takeovers by cyberthieves, giving criminals access to the tax professional’s entire office network simply by accessing an employee’s remote internet.” In other words, finding the right VPN can keep your network traffic safe from prying eyes, which means it is an essential part of a well-rounded data security plan. Luckily, the press release also outlines some basic tips for choosing a VPN.
How do I choose the right VPN?
The Summit says that consulting with a cybersecurity expert is ideal when shopping for a VPN. Honestly, this advice applies to all things data security, but—as they note in the release—this may not be an option for your budget. Barring professional help, they recommend “[searching] for ‘Best VPNs’” or reading trusted sources for recommendations. That said, do not click on VPN pop-up ads you see on websites or social media, since they can be used to install malware on your devices.
We asked Suzanne Vanderpool, our Chief Compliance Officer, for advice, and she underscored the need for taking time to research the available products. “I want to stress the importance of getting a highly rated, purchased VPN with multi-factor authentication—which you need to enable,” Vanderpool explains. “We see so many account takeovers from free versions of VPNs, so you need to be careful.”
How do I use a VPN at my tax office?
The Security Summit cited implementation tips from the Homeland Security Cybersecurity and Infrastructure Security Agency. Here are a few:
You probably recognize recommendations like “keep software updated” and “teach staff about phishing tactics.” After all, cybercriminals are more than happy to take advantage of security holes with malware, and their job is even easier when users neglect basic maintenance, like installing the updates that plug those leaks.
Remember, identity thieves view your tax office as a gold mine that they can exploit. From filing fraudulent returns using your credentials to simply selling stolen client information on the Dark Web, criminals have a number of avenues to make money. The obvious risk to your business and clients highlights the necessity of creating a living data security document that you update as needed. It turns out that a significant number of tax professionals having to adapt to a telework setup is just such an occasion.
Source:IR-2020-176