All too often we install the security cameras after we are burglarized; start carrying pepper spray after an assault. Business owners, large and small, face heightened risks in our modern world and reactive security plans do not cut it. A proactive plan can prevent the breech before it ever happens.
Small business owners, income property owners and even people with a side hustle need to have a security plan. It’s not only a big business problem. Some businesses are required by law to have a security plan. For example, the IRS requires tax professionals to have a written security plan that is updated annually. Those selling securities or insurance, banks and other financial institutions have similar requirements.
Whether your industry requires a security plan or not, you must have one. In this post we will start with a short discussion on security plans for tax professionals and accountants because that is the demographic this blog serves. I will then share where the detailed security plan nearly failed in my office and how we shored up our procedures to protect employees and clients. Then we will discuss implementing a security plan for your business, regardless the field you are in. I will point out the benefits of a security plan for even as innocent a side hustle as dog walking. If you never need to test your security plan in real life, all the better. But if fate comes knocking I want you, kind readers, to be prepared so risk is reduced.
I’ll close this post with a side hustle opportunity.
Security Plan for Tax Professionals and Accountants
I will start with my industry because we are a prime target due to the information we handle daily. Too many tax offices are light on the security issues over cost concerns. Security isn’t always a heavy expense, though tax offices are finding security a rising expense. Avoidance is the most expensive choice. A security breech virtually guarantees the death of the small tax or accounting practice as trust is forever lost.
The IRS requires a minimal security plan for offices preparing taxes. As a professional I take exception with minimal effort in any area of my business. However, small tax practices, as well as those with a side hustle, should consider the IRS plan as a starting point for building a security plan.
Protection of data is the number one issue businesses need to address. Tax preparers handle large amounts of sensitive data; data security has to be a top priority.
Protecting data is not just about a secure computer system. Training ALL employees on procedures for handling information requests is a must. Malcontents look for the weakest link in a firm to extract data or to access the corporate computer systems. Untrained employees are the weakest link. Once trained, you need to test your employees to determine additional areas needing more training.
Information, regardless how minor, must NEVER be disseminated without a proper power-of-attorney on file! Remember, the POA doesn’t mean all data is available, only that which has been authorized.
Measures should be taken so no one else in the office can overhear a personal conversation. A dedicated conference room with sound absorbing material on the walls is valuable if you have a room for such a purpose. Office doors should be closed when confidential conversations are in progress.
Data security is the real issue here. Safeguarding your data is vital. One data breech and your practice can be gone. The cost to recover for a small business is too large in many cases to survive the attack.
The IRS has guidelines in this matter. Your data security plan should:
- Include the names of all program managers. This would include outside IT companies used to secure your data.
- Identify risks to customer data.
- Evaluate the risks and current safety measures.
- Design a program to protect said data.
- Once the plan is created it must be implemented and updated.
The data security plan in my office runs over 30 pages and covers every conceived risk to client data with redundancies built into the system. Protecting the client is the highest priority in my firm.
This blog makes my firm more visible so I take added measures. This can be a large burden for small tax firms and those just beginning. Drake Software (the commercial tax software I use in my office) has produced an excellent tool for building your required data security plan. The Drake template is a comprehensive plan useful for most firms. I will not show any details of my actual plan as it contains proprietary information and publishing the safeguards would give scammers too much information to attack my firm.
The Drake Software Tax Office Security Plan can be had here without cost:
Drake Software Tax Office Security Plan and Sample (1)
The template is also an excellent tool for any small business or side hustle handling client information.
Personal Safety
Now I want to turn to another area that needs consideration: personal safety. In my office I have taken steps to protect my employees from personal harm should a client become aggressive or in the event of a robbery. Workplace violence is real and a common fare in the news feeds. Proactive is the only way to go.
As much thought and effort as I have put into safety and security measures, we still had an incident earlier this tax season we all can learn from and the reason for this post.
Let me first share the post I made in a Facebook private group for tax professionals before I share my solutions:
This is NOT a rant! Rather, this is how to handle a difficult situation safely and correctly.
A client from 20 years ago returned. He was a bit weird in his recordkeeping, wanting us to only scan what we needed and give his stuff back before he left and before we prepared the return. He also wanted us to put documents back in the envelopes they came in.
Not a normal client, for sure, but nothing that would cause too much strife. We can humor a client if they want documents back in envelopes and scan documents and return them prior to preparing the return.
He picked up his return last night and it was reviewed with him. However, he didn’t give us all the tax documents — he was too concerned with his filing system than with accuracy. He discovered the error last night after he left.
He is waiting at the office this morning. An employee who always comes in early to get the office organized before opening was confronted by this client. He tries to push his way into the office.
Let me be clear. This is a female employee with a man pushing in behind her where she would be caught in a small locked foyer area if he succeeded. (We have double doors, double locked for security.) The employee was scared out of her mind obviously.
She managed to keep the client out. She called the police and then called me.
We had some snow last night and I live 20 minutes away in good weather. The snow made the highways worse than the side roads so it was slow ride in.
The police came and made it clear he did something unacceptable. The client left before I arrived.
When I got to the office I heard the employee’s story and believed her story. The client forced his arm into the door so she couldn’t close it and tried to force his way in. If he would have succeeded it would have been tight quarters and even more frightening for the employee.
The client told the employee he was going to get her fired.
I called the client and got his story. His story was he did nothing wrong, of course. Well, until I reminded him I have many security cameras inside and outside the building and that I would review them later today. Then he changed his story, saying he might have tried to force his way in.
I told the client he is fired. I will not cash his check and will not file his return. He is no longer welcome at my establishment.
My employee absolutely did the right thing in calling the police first and me second.
The employee will NOT be fired or even reprimanded. She did everything by the book. No employee of mine should ever feel unsafe in my business. EVER!
It ended with one less client. But no one client is worth it: rude behavior, threats, mistreating employees, cheating on taxes. We are professional people. You should always feel safe at work and home. My office took time this morning to review with all employees the course of action if they ever feel unsafe. The client doesn’t always come first; my team does. Without my team I can’t serve clients.
To start, if this happened at a bank there would have been an arrest. But the police, like much of the public, don’t consider most businesses all that important so they act as if nothing bad has happened until it gets very serious.
Another point to make is that the client hounded my employee that he would get her fired. Threats and intimidation don’t work with me. That is instant ground for removal from my client list.
This isn’t a good policy for tax offices only either. Personal safety is “the” priority always! If you have a side hustle walking dogs you might not need a data security plan, but you do need a personal safety plan. Your plan needs to consider procedures if you or someone else is bitten by one of the dogs in your care, if a dog escapes or if you are attacked by another person while walking dogs. Your plan might include carrying pepper spray and a mapped out route for walking dogs where there are plenty of lights and people present. Safe places along the route should be identified in advance.
The incident in my office revealed one large flaw in my security plan. Employees came in the front door — the same door clients come in. If a client arrives early they can be to the front door before the employee. This is bad. Many early arrivals have no appointment and need to wait until the office is ready to open. Unfortunately, not all have this level of common sense.
I mentioned if this happened at a bank the client would have been arrested. Pushing into a bank behind an employee outside business hours would bring a heavy response from police. But the police didn’t take it as seriously because we did something very different from banks. Bank employees have a separate entrance where it is more difficult for a client to get to as fast as the front entrance.
My office has side doors! After a review with employees, we set a policy that employees will now use a separate side entrance at all times. If this policy had been in place, my employee would never have had the problem outlined above.
When to Build Your Security Plan?
We can be proactive or reactive. My office’s detailed data plan is an example of good proactive planning. The side door policy for employees is an example of reactive planning. Proactive would have been better.
Tax offices are required by law to have a data security plan. It makes sense to include a personal safety plan for employees at the same time.
Regardless your business or side hustle, or the size, you need a security and personal safety plan in place. If you handle data, you need a data security plan. Everyone needs a plan for handling the myriad scams and spam calls. Data security and personal safety plans are a must.
The Drake outline is a comprehensive plan for tax and accounting firms. It also is a good starting point for other businesses.
But it is only a starting point! Your data security and personal safety plans must be reviewed and updated regularly to be effective. Even the best plans have no value if not implemented. And even the best implemented plans will have holes as I found out this tax season. This is not a “set it and forget it” activity.
Security plans must evolve. Society changes, risks change, new risks are discovered. Your security plan must be proactive with the ability to be reactive when a flaw is discovered.
Businesses face greater challenges than ever before. Not long ago the greatest risk was burglary. Now, scam artists from anywhere on the planet, have an equal shot at harming your business.
Protect your data, protect your clients and employees. Backups and layers of security measures are the brave new world we live in. We can navigate these waters, but it takes effort.
And my clients, my employees, are worth the effort.
If interested in a side hustle idea, consider security planning for businesses. Here is some additional reading on the subject:
More Wealth Building Resources
Personal Capital is an incredible tool to manage all your investments in one place. You can watch your net worth grow as you reach toward financial independence and beyond. Did I mention Personal Capital is free?
Side Hustle Selling tradelines yields a high return compared to time invested, as much as $1,000 per hour. The tradeline company I use is Tradeline Supply Company. Let Darren know you are from The Wealthy Accountant. Call 888-844-8910, email Darren@TradelineSupply.com or read my review.
Medi-Share is a low cost way to manage health care costs. As health insurance premiums continue to sky rocket, there is an alternative preserving the wealth of families all over America. Here is my review of Medi-Share and additional resources to bring health care under control in your household.
QuickBooks is a daily part of life in my office. Managing a business requires accurate books without wasting time. QuickBooks is an excellent tool for managing your business, rental properties, side hustle and personal finances.
A cost segregation study can reduce taxes $100,000 for income property owners. Here is my review of how cost segregation studies work and how to get one yourself.
Worthy Financial offers a flat 5% on their investment. You can read my review here.
John
Friday 28th of February 2020
It was instilled in me from a young age to have SITUATIONAL AWARENESS at all times. It is much more difficult to properly confront a security threat if you have not identified it early on. In my line of work this is spoken like gospel, but I use it when I am off duty too. Not sitting with my back to a front door when at a restaurant, knowing where my emergency exits are (I actually check that the emergency exit doors are not propped open at the movie theater, my wife thinks I'm nuts) , routes of egress while walking or driving, scanning a room and making a note of individuals who are there, who is coming and going, and who looks out of place. Unfortunately in today's society I have also adopted periodically looking for places of cover and/or concealment if shots start being fired. I had to explain to my family that car doors do not stop bullets, only engine blocks do.
Good for you for at least talking to your employees about proper security procedures and making necessary adjustments. At the end of the day, we are all responsible for our own security. Police might be a phone call away, but that can be a long way away.
Matt
Friday 28th of February 2020
Being a security consultant is 100% not a side gig. The technology changes every 6-12 months. If you get something wrong, you don't get to file an "amended security system" after the fact and make everything right. You can spend a decade in the industry and still fill an encyclopedia with things you don't know. There's also the licensing and insurance requirements. It's a rewarding field, but its a full-time job and then some.
Keith Taxguy
Friday 28th of February 2020
Matt, I never intended to belittle the work security consultants do. The side hustle suggestion is related to the blog post. Helping other tax professionals set up their data security plan as outlined by the IRS is something my office did internally. We worked with our IT firm to build the back end of the plan. I think many could find a full-time side hustle just helping tax offices set up a "written" data plan as outlined by Revenue. Anything but the smallest firms would require someone with your level of expertise. Yet small firms can not afford your level of service. Some security plan (or helping the dog walker build a safety plan) could be a rewarding side hustle.