Protect Sensitive Accounting Firm and Client Data with Multi-Factor Authentication
If your accounting firm only uses passwords to protect sensitive firm and client data, you’re only one weak password away from a breach. Although hackers have made their phishing and identity theft attacks more sophisticated over the years, the easiest tactic is still cracking the password.
81% of the total number of breaches leveraged stolen or weak passwords, according to the 2020 Verizon Data Breach Investigations Report. Regardless of how secure YOUR password is, your system could easily be breached if one of your colleagues is still using a weak password – such as passw0rd (still in the top 50 hacked passwords).
All because hackers gained access to log-in credentials.
Simple passwords – or even complex passwords requiring various combinations of letters, numbers and special characters – may not be enough to protect sensitive firm and client data.
To better protect your data – and prevent a data breach – implement multi-factor authentication.
What is Multi-Factor Authentication?
Also referred to as two-factor verification, multi-factor authentication (MFA) is one way to combat stolen passwords. Multi-factor authentication systems rely on verification of 2 or more factors from the following three groups:
- Something you know, such as your user ID and password
- Something you have, such as your mobile device
- Something you are, such as your fingerprint or other biometrics
Without MFA, the password is a single factor in the authentication process that verifies a user’s identity.
With multi-factor authentication, a second factor – in addition to the password – is required as part of the authentication process. This requirement adds another layer of protection against hacking and fraud attempts. If a criminal learns of or hacks your password, they’ll still need physical control of your phone or immediate access to your email account to get into your account.
Wolters Kluwer has incorporated a Two-Step Verification Process for logging in to certain solutions. This security process leverages two authentication factors to increase assurance that the individual attempting to access vital data is who they claim to be.
The authentication factors that Wolters Kluwer uses are possession factors (something you have, such as a key fob, smartphone, or external email account) and knowledge factors (something you know, such as username and password or answers to security questions).
Why You Need 2-Step Verification
Multi-factor authentication helps safeguard your clients’ sensitive financial data while protecting your reputation. If you or one of your staff were to fall victim to a phishing attack, consider the consequences. A cybercriminal could conceivably gain access to all your clients’ files, including tax returns, copies of drivers’ licenses and more. Requiring MFA can significantly reduce fraud and identity theft resulting from stolen user credentials.
Explaining MFA to Your Clients
Your clients may not realize it, but they’ve probably been using multi-factor authentication for years. As you’re discussing data security with your clients, remind them that this is the same type of verification system they use on their banking and credit websites, Gmail, Facebook and Twitter. Clients who are familiar with online security will recognize and appreciate that you have implemented a multi-factor authentication solution to protect their data.
If you have less tech-savvy clients, there may be some need to explain how multi-factor authentication works. Consider providing an example - the most common and familiar 2-step verification example is the ATM.
An ATM requires you to provide something you have - your ATM/Debit or Credit card. It also requires something you know - your private PIN. The ATM grants access to the account only when it has the correct combination of these two factors – knowledge and possession.
This example can help even the most reluctant client understand that they’ve been using multi-factor authentication for much longer than they probably knew.
Cybercriminals are becoming incredibly sophisticated. Their phishing attacks now take place on phony websites, via phishing emails, automated telephone calls and malware. Stealing passwords to access online accounts, stealing the data, and then filing fraudulent returns is a multi-billion-dollar industry for these criminals. And they’re good at what they do. We all need to be vigilant when protecting firm and client data. With multi-factor authentication, client data is safer.