Physical Office Security

Connie Ferrell, EA
This Week's News
July 7, 2017

The cybercrime wave is out of control, and we are made painfully aware of the importance of procedures to make our computers as safe as possible:

  • Strong passwords changed often for booting the computer and opening all programs;

  • Antivirus and malware programs; and

  • A strong firewall.

All of the above must be utilized and updated often to help us keep up with cyber criminals. But the criminals have other ways to get your data.  Tax offices are targeted for break-ins or smash and grab of computers and servers.  Service providers such as janitors and equipment repair people may have access to information, including client files or lists with client names.

Step back and take a fresh look at your physical office for potential data breaches.  Do you have a monitored alarm system?  Are your client files stored in locked rooms with limited access?  Are there client files stored on your or your employees’ desks?  Are your server and computer equipment visible from outside the office?  Is your computer equipment (especially the server) in a locked/secured area?  Do you have good deadbolts and locking exterior doors?  Do the windows open and are they secure?  Do you have good lighting outside at night?  What kind of information lists are posted on the walls or calendars?

In the process of updating our server, listening to the IRS webinar on data breaches, and listening to other tax professionals talk about their experiences, we felt it was time to change a few things.  We are creating a locking cage bolted to the wall to hold the server and equipment, because they are not in a locked room.  We have added additional layers of strong passwords for desktop computers and programs in order to limit unauthorized access.  We are changing all the exterior door locks, as they are over 20 years old and worn out.  We are adding locks to some interior doors.  We removed all lists from the walls.  Employees are required to clean off their desk before leaving every day, and must lock up files in a fireproof vault room with a separate dead bolt and limited access.  We are cleaning up and cleaning out everything in our offices, so as to remove sensitive information and limit access to janitors and service people.

We have also purchased additional insurance for data breaches, costing just under $2,000.  Business liability insurance and E&O insurance do not anywhere near cover the damages from a data breach, which can be in excess of $250,000.  The data breach insurance application was also a factor in taking a fresh look at the physical office.  Making some changes to secure the office is cheap insurance!