Going digital means you can’t ignore security

As the tax system becomes fully digital, businesses and individuals will have to be more conscious than ever of data security, argues Emma Woods.

We’ve seen a lot of discussion of HMRC’s ‘Making Tax Digital’ project – something which is going to necessitate most businesses and many landlords acquiring new software at their own expense. Of course, there are benefits of storing data in the cloud – the 24/7 access, free support and automatic updates, as well as simple-to-use interfaces.

These strengths are, however, also a weakness.

The new system could potentially allow unauthorised people to access your accounting data, so it’s important that you take some simple steps to make everything secure.

Here are my top tips:

  1. Change your passwords regularly.
  2. Use a long password which includes symbols and numbers – this can even be an expression or a sentence without spaces and punctuation.
  3. If you have a lot of online accounts, get a password management system such as LastPass, which enables you to store all your passwords securely.
  4. Wherever you can, use “two-factor authentication”. In simple terms, this could involve a code which is sent by text to your mobile phone.
  5. Do not leave your password written down for others to see – it is amazing how many people do this in a business environment!
  6. Never divulge your password to anyone.
  7. If you are contacted by anyone purporting to be from your internet provider, software provider etc., ensure you ring them back from a different phone on the normal number before divulging the answer to any security questions.

These simple tips will help you stay secure as long as you follow them consistently.

I make these points because I know only too well the effect a security breach can have in the real world.

A client had been contacted by people purporting to be from his bank, explaining that they were calling to prevent a fraudulent transaction on the account. To clear security, he provided his mother’s maiden name and two digits of his six-digit PIN code. The client rang the bank back, but from the same telephone. This is a mistake, as fraudsters can hold the line open for a few minutes. He gave his date of birth and another two digits of the PIN, in order to be put through. He was then asked for another two digits and his home address, to be extra safe!

A well-executed, 10-minute process resulted in the fraudsters obtaining all the security data, which then enabled them to contact the bank themselves and make an overseas payment. An hour later, £50,000 had been transferred out, and the insurance company refused the claim because security data had been given to the fraudsters.

The conmen were able to gather enough information about the client’s bank transactions (by intercepting emails and accessing online systems) to sound very knowledgeable, making the scam more convincing. Something easily prevented…