By Lee Pender on August 27, 2020

Accounting Firm Security: How to Go Beyond the IRS Security Six


Client Data Protection Is Mandatory

As if data security wasn’t important enough already, accounting firms now have to comply with specific IRS rules for keeping client information safe. Last year, the IRS defined the “security six,” or six areas in which firms must comply with security regulations in order to operate legally.

Failure to meet IRS requirements can lead to fines, compensatory costs and other financial losses for firms. Beyond what the IRS requires, security slips can lead to a loss of both potential and existing clients, as well as to a damaged reputation. Put simply, failure to properly protect client data can destroy a firm.

Essential Rules For Data Security

While the IRS Security Six serve as essential rules for how firms should lay out their strategies for protecting data, they’re really just the beginning.

At face value, each element of the Security Six seems obvious and simple enough:

  1. Antivirus software
  2. Firewalls
  3. Two-factor authentication
  4. Backup software services
  5. Drive encryption
  6. Virtual private network (VPN)

But a closer look reveals that implementing each of those security elements successfully actually requires making critical decisions, planning carefully (with IRS resources like Publication 4557) and committing to at least some level of investment.

For instance, in today’s highly distributed and mobile environment, just installing antivirus software on company-owned computers isn’t anywhere near enough. There are employees’ personal computers as well as mobile devices to consider. Or consider firewalls, which require regular updating in order to be effective—and not always at scheduled intervals. Security is a constant, daily challenge, from the top of the security six to the bottom.

Just ask these anonymous tax professionals turned cyber crime victims, who are now “offer[ing] an opportunity for the tax community to learn from these common mistakes and avoid a devastating data loss for their clients and their business.”

And the list isn’t comprehensive, either. Firms need to manage other areas of data protection, including server security, password security, system patches and even voicemail. Each of those areas of security comes with its own challenges and potential pitfalls, even though they don’t fall under IRS requirements.

How to Go Beyond IRS Security Six

Managing security can seem overwhelming, but it doesn’t have to be. Staying in line with the IRS security six and protecting client data is possible with the right amount of planning—and with the right partner.

Outsourcing elements of data security to a cloud provider can help firms mitigate the logistical, financial and legal challenges involved with staying compliant with the security six and keeping client data locked up tight.

In this eBook, learn the specific requirements involved with the IRS security six and how to meet the challenges of each area the IRS addresses. Then learn how to go beyond IRS requirements and completely solidify protection of client data. Download the new eBook now.

