The Woodard Report

Five Ways Tax Preparers Can Utilize SharePoint for Their Data Security Plan

Written by Jefferson Keith | Oct 28, 2021 1:59:35 PM

The Internal Revenue Service (IRS) has strict requirements that tax preparers must meet to remain compliant. They must create and implement a data security plan that ensures consumer information confidentiality and security, select service providers that maintain appropriate safeguards, offer encryption, and use multi-factor authentication. Additionally, remote employees must adhere to these guidelines and adequately secure their non-traditional workplaces.

While these requirements may seem overwhelming, utilizing innovative cloud technology that provides critical safeguards is an effective first step. Microsoft's advanced SharePoint platform comprises several cybersecurity measures and integrates into several platforms that tax preparers use. Additionally, tax preparers can access the technology anywhere and on any device, allowing for safe collaboration and a secured remote workspace. By integrating SharePoint into their business, tax preparers will meet several IRS conditions and strengthen their security posture with the following five features.

Data protection.

A significant benefit of using Microsoft SharePoint is that data is protected at rest and in transit. Data centers throughout the country store the information and employ rigorous protection measures. The data centers can only be accessed by a limited number of personnel, who must verify their identities through various steps, including biometrics. The buildings are highly guarded and monitored by armed security officers, motion sensors, and video surveillance. And by utilizing data centers in the US, Microsoft promotes data sovereignty by ensuring the data stays in its country of origin, restricting its exposure to the laws and regulations of other governments.

When data is transferred between users and data centers, best-in-class encryption protects it at disk and file levels. The encryption ensures that only the intended parties can access the data. Microsoft's anti-malware engine is one of the largest, fed by millions of endpoints worldwide. It scans files at the time of upload, ensuring the files you send and receive are free of viruses. To maintain a safe environment, automated and manual analyses help detect possible threats, and a security response team evaluates and remediates identified risks.

User authentication.

It is critical to authenticate users upon access to protect data from ending up in the wrong hands. SharePoint authenticates users through Azure Active Directory (AAD) by asking for their email credentials. AAD then provides the user's browser with a token that is validated back on the SharePoint site to gain access. If using a different identity provider (IdP), or source of truth, AAD will redirect the user to their IdP for verification and then back to Azure to receive the authentication token and access. Both of these processes happen automatically behind the scenes.

To create a better user experience and limit the number of sign-ins, SharePoint uses persistent cookies. Typically, these cookies are session cookies, which are deleted when the browser is closed. With the Keep Me Signed In option in AAD, cookies remain in the cache even when the browser is closed, eliminating the need to sign in again. However, administrators can disable the option for more sensitive data, forcing users to authenticate themselves each time they access it.

Access control.

The functionality of SharePoint increases productivity by allowing tax preparers to access files from anywhere and on any device. However, devices may not be equipped with the appropriate security software, creating the opportunity for increased risk. To mitigate this, SharePoint strengthens security by allowing the administrator to control access. Company-managed devices typically have security software and applications to protect them from threats, and personal devices often have fewer of these measures. SharePoint provides the ability to control which devices can access the data, allowing administrators to deny access to those that are unmanaged.

Another concern with remote work is the networks used to access the internet. Public networks are often unmonitored and unsecured, making it easy for nearby attackers to access the device and data. As a safeguard from this situation, administrators can control access to SharePoint based on the network location. Defined network boundaries ensure users only access SharePoint from trusted networks, and access requested from outside these boundaries will be denied. Additionally, if a third-party application requests access and does not have location-based policies turned on, it will be denied. These capabilities ensure the use of SharePoint on trusted networks, and that data remains protected.
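
The two access controls described above (denying unmanaged devices and restricting access by network location) correspond to tenant settings in the SharePoint Online Management Shell. The following is an added example, not part of the original article; the admin URL and IP ranges are placeholders, and it assumes the tenant meets the licensing and Azure AD conditional access prerequisites for device-based blocking.

```powershell
# Added example: tenant-wide SharePoint Online access controls.
# Requires the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
# Placeholder values below are NOT from the article; substitute your own.
$AdminUrl    = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$TrustedNets = '203.0.113.0/24,198.51.100.17'           # placeholder office/VPN egress addresses

Connect-SPOService -Url $AdminUrl

# Record the current settings so the change can be reviewed or rolled back.
$Before = Get-SPOTenant |
    Select-Object ConditionalAccessPolicy, IPAddressEnforcement, IPAddressAllowList
$Before | Format-List

# 1) Unmanaged devices: deny access from devices that are not company-managed.
#    Assumption: the Azure AD conditional access prerequisites are already in place.
Set-SPOTenant -ConditionalAccessPolicy BlockAccess

# 2) Network location: populate the allow list BEFORE turning enforcement on.
#    The list must contain the address this session comes from, otherwise the
#    administrator is locked out along with everyone else.
Set-SPOTenant -IPAddressAllowList $TrustedNets
Set-SPOTenant -IPAddressEnforcement $true

# Verify what is now in effect.
Get-SPOTenant |
    Select-Object ConditionalAccessPolicy, IPAddressEnforcement, IPAddressAllowList |
    Format-List
```

Remote staff who do not come through one of the listed addresses (for example, via the firm's VPN) will be denied once enforcement is on, so confirm how each preparer connects before applying the second step.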

Sensitivity labels.

Documents used by tax preparers have escalating levels of importance and should not be accessible to everyone in the organization. While the ability to collaborate on documents with people inside and outside of the organization is critical in the virtual landscape, it increases the opportunity for unauthorized individuals to view documents. With SharePoint's sensitivity labels, tax preparers can classify documents and protect them from outside parties. Users can designate documents as confidential by clicking a button in the ribbon at the top of the window, encrypting the data and applying a "confidential" watermark to the content, header, and footer. This action limits access and informs the viewer to treat the document with discretion.

Permission settings.

Tax preparers typically maintain a library of resources, documents, and files for clients and internal purposes. While several people may need access to this library, they don't require access to all of it. With SharePoint, administrators can utilize the principle of least privilege, giving the user the minimum permissions needed to perform their job. They can set permissions at the user, site, and document levels, making it easy to limit permissions for a single person or the entire organization. This ability is critical to providing users access to the resources they need while ensuring confidential information stays private.

Establishing an effective data security plan can seem like a daunting task, but with Microsoft SharePoint, tax preparers have a simple and effective solution to build their foundation. Its advanced features and capabilities provide a layered security approach, keeping data, users, and devices protected from possible threats. SharePoint provides a unified experience working across organizations by utilizing one IdP and integrating with several solutions to create a ubiquitous platform. Microsoft's Service Trust Portal also offers tax preparers additional compliance resources, including reports, whitepapers, vulnerability assessments, and compliance guides. Additionally, it provides access to Microsoft's Compliance Manager tool that evaluates subscription configurations against compliance criteria. By utilizing SharePoint, tax preparers will strengthen their approach and build a foundation for a data security plan that meets IRS requirements.