Given the rise of tax-related identity theft and phishing attempts that can result in infiltrators taking over accounting firm employees’ credentials and gaining access to critical and confidential data, a password is no longer enough to protect the private information of accounting firm clients.

Yet only a small number of accounting and tax software providers are implementing a security standard known as multi-factor authentication to protect professional users and their clients from the mounting threat of cyber-attacks.

What is multi-factor authentication?

Multi-factor authentication is the process by which the provider of access to critical personal and financial information verifies that a user is in fact the true user by triggering a second, and more secure, form of identity check. For professional accounting firms, the equivalent is any application or portal that would provide the user access to critical personal or financial data through their systems.

When multi-factor authentication is enabled, you and your clients are granted access to data or an application after presenting pieces of evidence from two or more of the following categories:

  • Something you know (e.g., password);
  • Something you have (e.g., phone); or
  • Something you are (e.g., fingerprint).

You’re likely familiar with this process, as many financial institutions, healthcare providers, investment houses, social media outlets, and others now give users the option of setting up a two-factor authentication process that involves a security code being sent to your registered mobile device.

When multi-factor authentication is used, it helps to ensure that if thieves manage to steal you or your clients’ credentials (i.e., user names and passwords), they will be blocked from actually accessing accounts, software, portals, etc.

How is multi-factor authentication implemented at accounting firms?

Using the latest technology, some progressive accounting and tax software providers are embedding security controls that offer convenient and secure user authentication for a firm’s staff and clients. Firms can choose to require multi-factor authentication for all staff (which is advisable) or not (which leaves the firm more susceptible to malware). For clients, firms can make multi-factor authentication an option on a client-by-client basis, based on their clients’ desires.

Multi-factor authentication technology correctly designed by a provider should be available for both cloud-based and on-premise deployments, allowing firms to avail themselves of state-of-the-art security measures across the board. Remember that if a firm is compromised by malware, bad actors can access everything within an accounting firm’s systems regardless of whether it is cloud-based or on-premise. In evaluating a software provider, the one who can apply the multi-factor technology to both deployment methods is the better choice.

Keeping your clients and your firm safe

In a profession where cyber-security is of the utmost importance in safeguarding the personal information of your clients and the integrity of your firm, consider if your accounting software provider offers multi-factor authentication as one way to stay ahead of identity thieves.

Jon Baron
Jon Baron

is managing director of the professional segment of the tax and accounting business of Thomson Reuters, which he joined in 1992.