SAFEGUARDING TAXPAYER DATA
7
y Reduce the power (wireless range) so you are not broadcasting
further than you need. Log into your router to WLAN settings,
advanced settings and look for Transmit (TX) power. The lower the
number the lower the power.
y Change the name of your router (Service Set Identifier - SSID) to
something that is not personally identifying (i.e., BobsTaxService),
and disable the SSID broadcast so that it cannot be seen by those
who have no need to use your network.
y Use Wi-Fi Protected Access 3 (WPA-3).
y Do not use Wired-Equivalent Privacy (WEP) to connect your
computers to the router; WEP is not considered secure.
y Do not use a public wi-fi (for example, at a coffee café or airport) to
access business email or sensitive documents
Use of multi-factor authentication (discussed earlier) and a secure
Virtual Private Network (VPN) should be minimum standards for remote
access to the firm’s office network. A VPN provides a secure, encrypted
tunnel to transmit data between a teleworking employee and the
company network. Search for “Best VPNs” to find a legitimate vendor.
Some firms issue laptops to teleworking employees in order to control
the IT environment..
Protect Stored Client Data
Cybercriminals work hard through various tactics to penetrate your
network or trick you into disclosing passwords. They may steal the
data, hold the data for ransom or use your own computers to complete
and file fraudulent tax returns. Here are a few basic steps to protect
client data stored on your systems:
y Backup encrypted copies of client data to external hard drives
(USBs, CDs, DVDs) or use cloud storage; keep external drives in a
secure location; encrypt data before uploading to the cloud. This is
your best protection against ransomware attacks.
y Use drive encryption to lock files and all devices; encrypted files
require a password to open.
y Avoid attaching USB drives and external drives with client data to
public computers.
y Avoid installing unnecessary software or applications to the business
network; avoid offers for “free” software, especially security software,
which is often a ruse by criminals; download software or applications
only from official sites.
y Perform an inventory of devices where client tax data are stored, i.e.,
laptops, smart phones, tablets, external hard drives, etc.; inventory
software used to process or send tax data, i.e., operating
systems,browsers, applications, tax software, web sites, etc.