Building more secure passwords, based on updated IRS guidance
IRS would like you and your finance team to bump “Create more secure passwords” to the top of your priority list for 2020.
The Taxman recently released new advice in honor of National Tax Security Awareness Week.
And it has some very specific guidelines when it comes to passwords.
Here’s what IRS expects of you and your finance team now.
Ditch passwords in favor of these
First and foremost, make sure every member of your accounting and finance staff has switched to using phrases instead of single words to secure your systems and software.
That was the No. 1 takeaway from IRS’s advice.
The primary benefit? Phrases are easier to remember so staffers won’t have to write them down somewhere prying eyes can see.
But there are a slew of other security precautions IRS expects you to take. Make sure everyone on your team knows about these steps to more secure passwords:
- Don’t use email addresses as user names if that’s an option
- Change all default or temporary passwords that come with devices
- Incorporate a combination of letters, numbers and special characters within your passphrase
- Don’t simply update passwords (i.e. changing a 7 to an 8) – find a whole new phrase, and
- Use multi-factor authentication whenever possible.
Shore up here, too
While IRS didn’t address this specifically in its latest update, there is one vulnerability that often isn’t password-protected at all: desktop folders.
Those little manila-shaped icons are leaving companies’, their employees’ and even their customers’ sensitive information at risk.
That’s the finding of the recent 2019 Varonis Global Data Risk Report.
Specifically, these two vulnerabilities make desktop folders a liability for every firm:
- They’re not locked down. Nearly a quarter (22%) of folders are open to everyone. For 15% of your peers that equals more than one million folders that anyone could access.
- They’re full of stale data. Almost three-quarters (73%) of desktop folders house stale data, which is sensitive info a company no longer needs to do business.
Going forward, all folders should be restricted only to those who need them. You’re also going to want IT to lock folders down and restrict access.
But you might encounter some pushback from IT when you raise the issue. The techies estimate it takes about six to eight hours per folder to locate and manually remove global access groups, then figure out who needs access and create new groups.
Considering how much a data breach could cost, it’s worth the effort.
Free Training & Resources
Further Reading
Layoffs, inflation, AI … these are just some of the factors making employees feel more stressed about their jobs and career future. S...
A federal ban on employee non-compete agreements may not go into effect in September after all. Two lawsuits scheduled to be decided in...
Accounting firms face tougher fiduciary duties as the result of three new federal rules. The Securities & Exchange Commission (SEC) ...
Successful finance pros get to the top by knowing and doing a lot. But one of the most practical skills you can have when you’re ...
Even the best finance pros face times when they have difficult things they don’t want to say to their team, boss or clients. And ...
About 90% of U.S. companies were targeted by cyber‑fraud last year – almost a 25% increase from the previous year. The rise doesn...