Securing Your Mobile Devices: A Guide for Tax Professionals on the Go
More tax work happens on mobile devices than ever before. Learn how to protect client data when you're away from the office.
The modern tax professional often works beyond the traditional office setting. Whether you're meeting clients at their location, working from home, or simply checking emails from your phone, mobile devices have become essential tools. But this convenience comes with security responsibilities that many practitioners overlook.
The Mobile Security Challenge
Mobile devices face unique threats compared to desktop computers. They can be lost or stolen more easily, connect to unsecured Wi-Fi networks, and often blend personal and professional use. For tax professionals handling sensitive client information, these vulnerabilities require careful attention.
Consider what's on your phone right now. Client emails, tax software apps, document management tools, maybe even saved passwords. If that device fell into the wrong hands, how much client information could be compromised?
Essential Device Security Measures
Start with the basics. Every device that accesses client information should have a strong passcode or biometric lock. A simple four-digit PIN is not sufficient—use a complex alphanumeric password or enable fingerprint or face recognition. Configure your device to lock automatically after a short idle period.
Enable device encryption, which is standard on most modern smartphones and tablets. This ensures that even if someone physically accesses your device, they can't read the data without your passcode. Also enable remote wipe capability so you can erase the device if it's lost or stolen.
Secure Network Practices
Public Wi-Fi networks are convenient but dangerous. Never access client information or log into sensitive accounts over public Wi-Fi without protection. If you must work from a coffee shop, hotel, or other public location, use a virtual private network (VPN) to encrypt your connection.
Even at home, ensure your Wi-Fi network is properly secured. Use WPA3 encryption if available, or WPA2 at minimum. Change default router passwords and keep router firmware updated. Your home network security is only as strong as its weakest link.
App Security and Management
Only download apps from official stores and keep them updated. Updates often include security patches for newly discovered vulnerabilities. Review what permissions apps request—a flashlight app that wants access to your contacts, for example, should raise concerns.
If possible, use separate devices for personal and business purposes. If that's not practical, consider using device management features that create separate containers for work and personal data. Some tax and document management software offer secure apps specifically designed for mobile access to client information.
Email Security on Mobile
Mobile email access requires special vigilance. It's harder to spot phishing attempts on a small screen where you can't easily hover over links to see where they lead. Be especially cautious about urgent requests that arrive when you're on the go and might act hastily.
Configure your email app to not automatically download attachments or display images, as these can be used in attacks. When you receive sensitive documents, download them only when you're on a secure network and can properly review them.
Physical Security Awareness
Never leave devices unattended in public places, even briefly. Don't store devices in checked luggage when traveling. Be aware of shoulder surfers who might observe your screen or watch you enter passwords. Position yourself so your screen isn't visible to others.
When you're done with a device, don't just sell or dispose of it casually. Perform a factory reset to erase all data, and verify that the reset was complete. Old devices can be treasure troves of information if not properly wiped.
Creating Mobile Security Policies
Document your mobile security practices as part of your overall security plan. If you have staff, establish clear policies about what devices can access client information, what security measures are required, and how incidents should be reported.
Regular reviews of your mobile security practices help ensure you're keeping up with evolving threats and taking advantage of new security features. Make mobile security part of your ongoing security awareness, not a one-time consideration.