The security of client data needs to be of the utmost importance to accounting firms. Online thieves have become more sophisticated in recent years. At the same time, it has become increasingly difficult for users to protect their identities and online credentials. Many common actions can put a firm user or client user at risk of having their password stolen. This can lead to a number of problems from identity theft to fraudulent tax returns being filed.
To provide an extra layer of protection for client data, even if a user’s password is compromised, Wolters Kluwer is implementing a multi-factor authentication solution. We call this feature 2-Step Verification.
Why you need 2-step verification
In a previous post, I discussed what multi-factor authentication is. Today, I want to explain in more detail why you need it.
Primarily, it’s to safeguard your clients’ sensitive financial data and to protect your firm’s good name and reputation. By requiring multi-factor authentication, you can greatly reduce fraud and identity theft resulting from stolen user credentials.
Cybercriminals are becoming incredibly sophisticated. Their phishing attacks now take place on phony websites, via phishing emails, through automated telephone calls, and through malware. Stealing passwords to access online accounts, stealing the data, and then filing fraudulent returns is a multi-billion-dollar industry for these criminals. And they’re good at what they do. Consider all the recent data breach announcements. Just this week, one of the three largest credit reporting agencies in the U.S. announced that up to 143 million Americans could have had their personal information stolen by a hacker.
Therefore, we must all be hypervigilant when we are online and when accessing our personal and even work email.
Employees are vulnerable too
Clients aren’t the only users who need to be concerned. Firm staff can also fall victim to these same attacks. They may not protect their passwords or change them frequently. When setting security questions, they may use answers that other firm staff or known associates could easily guess, such as a pet’s name. Disgruntled staff can really wreak havoc if they can guess a partner’s password, for example. This past tax season, I’ve heard about this happening on a few occasions.
If a staff person were to fall victim to a phishing attack, consider what the consequences might be if a cybercriminal could log in to your Portal account. For example, they could gain access to all the client files that staff person has access to. These might include tax returns, copies of drivers’ licenses and more. Without a 2-step verification system in place, the bad guy has unrestricted access, based on the user’s permissions.
Protecting your client portals
Your firm should want to project a very professional, tech-savvy image to your clients. Many of your clients who are familiar with online security will recognize and appreciate that you have implemented a multi-factor authentication solution for your Portal. You may need to explain it to some other, less tech-savvy clients. However, once they understand how it can protect them, they usually accept it.
With multi-factor authentication, would-be cybercriminals would not be able to gain access to a client’s account, even with their password. After verifying the login credentials, Portal’s 2-Step Verification feature would identify that the “user” has never connected to Portal from that machine. It would then require the “user” to receive a one-time passcode on the user’s registered/validated telephone or email. They must then provide that code within 5 minutes to verify the user’s identity. This will deter criminals because they would need physical control of the user’s mobile device, or would need immediate access to the user’s email address.
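The flow described above, sketched as an added example that is not Portal's own code: a correct password from an unrecognized machine triggers a one-time passcode that is valid for 5 minutes and usable once. The class name, the opaque device_id used to recognize a machine, the 6-digit code length and the 5-guess limit are assumptions, not details from this post.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # the 5-minute window described above
MAX_ATTEMPTS = 5           # assumption: guess limit, not stated on the page


class TwoStepVerifier:
    """Hypothetical sketch of the flow above; not Portal's implementation."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._trusted = set()  # (user, device_id) pairs that already passed
        self._pending = {}     # (user, device_id) -> [code, expires_at, tries_left]

    def login(self, user, device_id, password_ok):
        """Return (status, code); code is set only when a challenge is issued."""
        if not password_ok:
            return "denied", None
        if (user, device_id) in self._trusted:
            return "granted", None
        # Unrecognized machine: the password alone is not enough.
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, never random.random()
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[(user, device_id)] = [code, expires_at, MAX_ATTEMPTS]
        # The caller sends `code` to the registered phone or email only;
        # it must never be returned to the browser that is logging in.
        return "code_required", code

    def verify(self, user, device_id, submitted):
        """True only for the right code, on time, within the guess limit."""
        key = (user, device_id)
        entry = self._pending.get(key)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[key]  # expired codes are discarded, not retried
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(submitted.encode(), code.encode())
        if ok or entry[2] <= 0:
            del self._pending[key]  # single use; lock out after too many guesses
        if ok:
            self._trusted.add(key)  # this machine is now recognized
        return ok
```

Passing a fake clock to the constructor lets the expiry and lockout paths be tested without waiting five minutes.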
A familiar concept
Be sure to let clients know this is the same type of verification system they use on their banking and credit websites, Gmail, Facebook and Twitter. Your clients may not realize it, but they’ve probably been using multi-factor authentication for years. The most common and familiar example of multi-factor authentication is the ATM. ATMs require you to provide something you have (your ATM/Debit or Credit card) and something you know (your private PIN #). The ATM grants access to the account only when it has the correct combination of these two factors (knowledge and possession). This example can help even the most reluctant client understand that they’ve been using multi-factor authentication for much longer than they probably knew.
Tax season preparation
As the 2017 tax season quickly approaches, I strongly encourage you to enable Portal’s 2-Step Verification feature. You don’t want to receive a call from your client because their return was rejected because they’ve already filed. And you really don’t want to spend all the time, effort and money involved in investigating, reporting and handling client notification. Rest easier this tax season, knowing that your clients’ data is safer than it’s ever been after enabling 2-Step Verification.