If you were to ask an insurance agent whether or not your business needed data breach insurance, they would ask if your company collects any of the following types of information.
- Social Security Numbers
- Banking/Financial Information
- Credit Cards/Debit Cards/Other Payment Cards
- Health Information & Medical Records
If you’re in the tax industry, the answer to all of those is yes. At The Income Tax School and Peoples Tax, cybersecurity is at the forefront of our minds. While we are always looking for ways to increase cybersecurity, we also want to make sure we protect ourselves and our clients in the event of a data breach. If you’re a tax business owner, you should do the same.
A data breach could be a catastrophe, easily resulting in potential bankruptcy. Legal services, investigative services, call center support needs… it all adds up. IBM recently estimated that the average data breach costs $4 million; last year, the number of U.S. data breaches hit an all time record. Between the cost and the increased risk, data breach insurance is something tax business owners should seriously consider.
A good data breach policy does three key things:
- Takes protective measures to guard against the loss of sensitive consumer information.
- Reacts swiftly and comprehensively to a data breach when it occurs.
- Covers the incident response costs, which can include legal services, forensic investigations, notification mailings to impacted individuals, call center support, credit monitoring, and fraud remediation expenses.
Data breaches can happen even if you’re doing all the right things, which is why getting coverage is crucial. That being said, here are some of the most common ways a data breach can happen.
- Criminals obtain access to account information from lost or stolen laptops, backup drives or smartphones.
- Criminals obtain access to stored or shredded documents left unsecured on your premises.
- Criminals hack into your database.
- Criminals con employees into divulging passwords and login credentials.
In addition to data breach insurance, you should also make sure you have the following security controls in place.
- Anti-Virus Software
- Password-protected computers, laptops, and other mobile devices
- Secured wireless connectivity for laptops and other mobile devices
- A Firewall
- Data stored on laptops, back-up tapes, or other portable media is encrypted
- Annual training for employees concerning data security and the handling of personal information
You should also be training staff on cybersecurity best practices. There are a lot of fraudsters out there with phishing scams that target internal staff – especially in the tax industry. One of the popular phishing scams right now targets tax preparers via email. The email appears to be a notification from your tax software provider and warns that your account has been locked. It prompts you to enter your login credentials in order to “unlock your account”. But what it’s really doing is collecting login information that can be used to gain access to your client’s information. This is why it’s so important to train and educate staff on how data breaches happen and what to do to prevent them.
This year it’s going to be crucial that you take extra precautions to guard your information. That means staying on top of the latest scams, employing cybersecurity protections, and getting data breach insurance.