Protecting client data a bigger challenge this Tax Season

Written on Jan 11, 2018

By Molly Kowaleski, content & community manager

U.S. companies on average lost $7.35 million after a data breach in 2017.

The average across the globe was $3.62 million, according to the 2017 Ponemon Cost of Data Breach Study, sponsored by IBM.

While this number is scary (or should be, especially for small businesses), here are a few other facts from Verizon’s 2017 Data Breach Investigations Report that illustrate how easily a cyberattack can occur, even at your organization:

  • 75% of breaches were perpetrated by outsiders, which means only 25% involved internal actors.
  • 62% featured hacking, while 51% included malware.
  • 81% leveraged stolen or weak passwords.
  • 66% of malware was installed via malicious email attachments.

And, perhaps most alarmingly, 61% of the data breach victims in Verizon’s 2017 report were businesses with fewer than 1,000 employees.

A multi-million-dollar hit to a company of that size can be catastrophic, as Steve Strauss points out in this USA Today piece.

And, to compound the problem, David Reedy, senior consultant and managing partner at CyberRisk Management, says many organizations are not doing enough to protect their data, especially as tax season approaches.

“The vast majority of tax preparers are not doing anywhere near enough to protect data. Some of them are doing so little, they would not even know if or when they are breached,” he said.

Reedy and Jason Guyler are consultants who specialize in data protection and cyber preparedness.

“The best advice I can give, especially before (CPAs) go headstrong into tax season, is get some basic training on what phishing scams are, how to spot them and how to handle them,” said Reedy.

As email attachments still account for two-thirds of all data breaches, it’s important to assess your organization’s security risks, train employees, create security policies and employ vendors or resources that will defend your organization.

“The Financial Planning Association’s Research and Practice Institute recently stated that only 4 in 10 financial advisors understand the issues and risks associated with cyber security; but 81% of them stated it is a major concern,” Guyler said. “This reflects a significant disconnect between the importance companies put on protecting data and the implementation of a program to protect the data.”

He maintains that protecting your clients’ data is not only a matter of reputation, but also regulatory compliance. The penalties for lack of compliance may include hefty fines or even imprisonment.

Before filing this year, ensure that you and your employees have robust security software in place and review your current security measures and policies. If you haven’t already, it also is a good time to review educational resources about phishing, malware and other scams that could compromise your data.

To learn more or inquire about cybersecurity training for your team, click here or contact the team directly at
