All too often we install the security cameras after we are burglarized; start carrying pepper spray after an assault. Business owners, large and small, face heightened risks in our modern world and reactive security plans do not cut it. A proactive plan can prevent the breech before it ever happens.
Small business owners, income property owners and even people with a side hustle need to have a security plan. It’s not only a big business problem. Some businesses are required by law to have a security plan. For example, the IRS requires tax professionals to have a written security plan that is updated annually. Those selling securities or insurance, banks and other financial institutions have similar requirements.
Whether your industry requires a security plan or not, you must have one. In this post we will start with a short discussion on security plans for tax professionals and accountants because that is the demographic this blog serves. I will then share where the detailed security plan nearly failed in my office and how we shored up our procedures to protect employees and clients. Then we will discuss implementing a security plan for your business, regardless the field you are in. I will point out the benefits of a security plan for even as innocent a side hustle as dog walking. If you never need to test your security plan in real life, all the better. But if fate comes knocking I want you, kind readers, to be prepared so risk is reduced.
I’ll close this post with a side hustle opportunity.
Security Plan for Tax Professionals and Accountants
I will start with my industry because we are a prime target due to the information we handle daily. Too many tax offices are light on the security issues over cost concerns. Security isn’t always a heavy expense, though tax offices are finding security a rising expense. Avoidance is the most expensive choice. A security breech virtually guarantees the death of the small tax or accounting practice as trust is forever lost.
The IRS requires a minimal security plan for offices preparing taxes. As a professional I take exception with minimal effort in any area of my business. However, small tax practices, as well as those with a side hustle, should consider the IRS plan as a starting point for building a security plan.
Protection of data is the number one issue businesses need to address. Tax preparers handle large amounts of sensitive data; data security has to be a top priority.
Protecting data is not just about a secure computer system. Training ALL employees on procedures for handling information requests is a must. Malcontents look for the weakest link in a firm to extract data or to access the corporate computer systems. Untrained employees are the weakest link. Once trained, you need to test your employees to determine additional areas needing more training.
Information, regardless how minor, must NEVER be disseminated without a proper power-of-attorney on file! Remember, the POA doesn’t mean all data is available, only that which has been authorized.
Measures should be taken so no one else in the office can overhear a personal conversation. A dedicated conference room with sound absorbing material on the walls is valuable if you have a room for such a purpose. Office doors should be closed when confidential conversations are in progress.
Data security is the real issue here. Safeguarding your data is vital. One data breech and your practice can be gone. The cost to recover for a small business is too large in many cases to survive the attack.
The IRS has guidelines in this matter. Your data security plan should:
- Include the names of all program managers. This would include outside IT companies used to secure your data.
- Identify risks to customer data.
- Evaluate the risks and current safety measures.
- Design a program to protect said data.
- Once the plan is created it must be implemented and updated.
The data security plan in my office runs over 30 pages and covers every conceived risk to client data with redundancies built into the system. Protecting the client is the highest priority in my firm.
This blog makes my firm more visible so I take added measures. This can be a large burden for small tax firms and those just beginning. Drake Software (the commercial tax software I use in my office) has produced an excellent tool for building your required data security plan. The Drake template is a comprehensive plan useful for most firms. I will not show any details of my actual plan as it contains proprietary information and publishing the safeguards would give scammers too much information to attack my firm.
The Drake Software Tax Office Security Plan can be had here without cost:
The template is also an excellent tool for any small business or side hustle handling client information.
Now I want to turn to another area that needs consideration: personal safety. In my office I have taken steps to protect my employees from personal harm should a client become aggressive or in the event of a robbery. Workplace violence is real and a common fare in the news feeds. Proactive is the only way to go.
As much thought and effort as I have put into safety and security measures, we still had an incident earlier this tax season we all can learn from and the reason for this post.
Let me first share the post I made in a Facebook private group for tax professionals before I share my solutions:
This is NOT a rant! Rather, this is how to handle a difficult situation safely and correctly.
A client from 20 years ago returned. He was a bit weird in his recordkeeping, wanting us to only scan what we needed and give his stuff back before he left and before we prepared the return. He also wanted us to put documents back in the envelopes they came in.
Not a normal client, for sure, but nothing that would cause too much strife. We can humor a client if they want documents back in envelopes and scan documents and return them prior to preparing the return.
He picked up his return last night and it was reviewed with him. However, he didn’t give us all the tax documents — he was too concerned with his filing system than with accuracy. He discovered the error last night after he left.
He is waiting at the office this morning. An employee who always comes in early to get the office organized before opening was confronted by this client. He tries to push his way into the office.
Let me be clear. This is a female employee with a man pushing in behind her where she would be caught in a small locked foyer area if he succeeded. (We have double doors, double locked for security.) The employee was scared out of her mind obviously.
She managed to keep the client out. She called the police and then called me.
We had some snow last night and I live 20 minutes away in good weather. The snow made the highways worse than the side roads so it was slow ride in.
The police came and made it clear he did something unacceptable. The client left before I arrived.
When I got to the office I heard the employee’s story and believed her story. The client forced his arm into the door so she couldn’t close it and tried to force his way in. If he would have succeeded it would have been tight quarters and even more frightening for the employee.
The client told the employee he was going to get her fired.
I called the client and got his story. His story was he did nothing wrong, of course. Well, until I reminded him I have many security cameras inside and outside the building and that I would review them later today. Then he changed his story, saying he might have tried to force his way in.
I told the client he is fired. I will not cash his check and will not file his return. He is no longer welcome at my establishment.
My employee absolutely did the right thing in calling the police first and me second.
The employee will NOT be fired or even reprimanded. She did everything by the book. No employee of mine should ever feel unsafe in my business. EVER!
It ended with one less client. But no one client is worth it: rude behavior, threats, mistreating employees, cheating on taxes. We are professional people. You should always feel safe at work and home. My office took time this morning to review with all employees the course of action if they ever feel unsafe. The client doesn’t always come first; my team does. Without my team I can’t serve clients.
To start, if this happened at a bank there would have been an arrest. But the police, like much of the public, don’t consider most businesses all that important so they act as if nothing bad has happened until it gets very serious.
Another point to make is that the client hounded my employee that he would get her fired. Threats and intimidation don’t work with me. That is instant ground for removal from my client list.
This isn’t a good policy for tax offices only either. Personal safety is “the” priority always! If you have a side hustle walking dogs you might not need a data security plan, but you do need a personal safety plan. Your plan needs to consider procedures if you or someone else is bitten by one of the dogs in your care, if a dog escapes or if you are attacked by another person while walking dogs. Your plan might include carrying pepper spray and a mapped out route for walking dogs where there are plenty of lights and people present. Safe places along the route should be identified in advance.
The incident in my office revealed one large flaw in my security plan. Employees came in the front door — the same door clients come in. If a client arrives early they can be to the front door before the employee. This is bad. Many early arrivals have no appointment and need to wait until the office is ready to open. Unfortunately, not all have this level of common sense.
I mentioned if this happened at a bank the client would have been arrested. Pushing into a bank behind an employee outside business hours would bring a heavy response from police. But the police didn’t take it as seriously because we did something very different from banks. Bank employees have a separate entrance where it is more difficult for a client to get to as fast as the front entrance.
My office has side doors! After a review with employees, we set a policy that employees will now use a separate side entrance at all times. If this policy had been in place, my employee would never have had the problem outlined above.
When to Build Your Security Plan?
We can be proactive or reactive. My office’s detailed data plan is an example of good proactive planning. The side door policy for employees is an example of reactive planning. Proactive would have been better.
Tax offices are required by law to have a data security plan. It makes sense to include a personal safety plan for employees at the same time.
Regardless your business or side hustle, or the size, you need a security and personal safety plan in place. If you handle data, you need a data security plan. Everyone needs a plan for handling the myriad scams and spam calls. Data security and personal safety plans are a must.
The Drake outline is a comprehensive plan for tax and accounting firms. It also is a good starting point for other businesses.
But it is only a starting point! Your data security and personal safety plans must be reviewed and updated regularly to be effective. Even the best plans have no value if not implemented. And even the best implemented plans will have holes as I found out this tax season. This is not a “set it and forget it” activity.
Security plans must evolve. Society changes, risks change, new risks are discovered. Your security plan must be proactive with the ability to be reactive when a flaw is discovered.
Businesses face greater challenges than ever before. Not long ago the greatest risk was burglary. Now, scam artists from anywhere on the planet, have an equal shot at harming your business.
Protect your data, protect your clients and employees. Backups and layers of security measures are the brave new world we live in. We can navigate these waters, but it takes effort.
And my clients, my employees, are worth the effort.
If interested in a side hustle idea, consider security planning for businesses. Here is some additional reading on the subject:
More Wealth Building Resources
Personal Capital is an incredible tool to manage all your investments in one place. You can watch your net worth grow as you reach toward financial independence and beyond. Did I mention Personal Capital is free?
Side Hustle Selling tradelines yields a high return compared to time invested, as much as $1,000 per hour. The tradeline company I use is Tradeline Supply Company. Let Darren know you are from The Wealthy Accountant. Call 888-844-8910, email Darren@TradelineSupply.com or read my review.
Medi-Share is a low cost way to manage health care costs. As health insurance premiums continue to sky rocket, there is an alternative preserving the wealth of families all over America. Here is my review of Medi-Share and additional resources to bring health care under control in your household.
QuickBooks is a daily part of life in my office. Managing a business requires accurate books without wasting time. QuickBooks is an excellent tool for managing your business, rental properties, side hustle and personal finances.
A cost segregation study can reduce taxes $100,000 for income property owners. Here is my review of how cost segregation studies work and how to get one yourself.