wcg security procedures

Security and Privacy Procedures

Posted Wednesday, April 24, 2024

Your security and privacy are very important to everyone at WCG. We want to outline the various policies and procedures which are implemented to protect your confidential information.

Building Security

Our Colorado Springs office building is a single tenant structure and is locked after hours. All guests and clients who arrive at our office must check in with one of our Client Support team members. During tax season, it is common to have 30-35 employees throughout our 6,500 square feet of office space including three conference spaces. All employees are continuously aware of the surroundings, and challenge anyone who is not escorted or recognized.

Our Mitchell office building is a multi-tenant structure and our suite is locked during business hours.

Employee Mandates

We require all employees to be aware of security and privacy, and sign a Non-Disclosure Agreement. All new employees are screened with a background check with CheckR, and we also conduct credit and financial screening bi-annually for all employees.

Remote Work Arrangement

Our employees work remotely 2 to 3 days per week. We have policies about client privacy and confidentiality that extend remotely. For example, all remote employees must have a space with a door to allow for safe and private client conversations either on the telephone or videoconferencing. We also do not allow anyone other than the employee to use the remote computer.

Speakerphone

All employees are equipped with cordless headsets to allow them to continue working with two hands while being on hold or speaking with a client. Speakerphone is strongly discouraged for the sake of hands-free efficiency and privacy. If speakerphone is used, we will always announce that you are in speakerphone and name the listening participants.

Printers

WCG is generally a paperless work environment. Workflow management and document interaction is primarily electronic. Each workstation is equipped with three monitors to allow for efficient use of electronic documents.

While uncommon, at times, certain documents including tax returns are printed. Printers are routinely monitored by the Tax Support team, and all employees are required to retrieve printouts immediately after printing. On our Closing Checklist, the last Tax Support or Client Support team member for the day must shred all printouts.

Shredding

Locked shred depositories are located next to the printer copiers and throughout the offices. A bonded shredding company periodically arrives to shred the documents on-site.

File Servers

Our data is backed up 4 times a day with revisionary control, and we have cold storage that is 3 years deep. Pine Support a Denver company, is our vendor for all IT support and IT security, and they exclusively work with CPA firms.

Off-Shoring Data Protection

After a lengthy interview and testing period WCG made the decision to partner with KMK Ventures Private Limited, a tax and accounting company in India with over 15 years of experience and 225 professionals including Chartered Accountants, to assist us with tax return preparation and accounting services.

We also realize that identity protection and security is top of mind for everyone; WCG is following (and going beyond) the accounting industry’s best practices including IRS compliance directives to safeguard your data. Fortunately, there is a ton of excellent resources and guidelines from the hundreds of CPA firms that have done this before us.

Specifically, WCG has data concentration in four areas: Tax Software, Client Documents, Workflow and Electronic Tax Binders.

Our Tax Software, Thomson Reuters, is self-hosted by our own servers (we tried using cloud-based servers but were not thrilled with the technical reliability). Our client document management system is hosted directly by Citrix Sharefile. Our Workflow is hosted by CanopyTax, who started as a tax resolution business. Our Tax Binders are hosted by SurePrep, a company that is best in class and recently acquired by Thomson Reuters.

All hosted data is encrypted and segregated between “off-shoring” and “stateside” with passwords including 2-factor authentication (2FA). We also use security groups to segregate internal teams.

Data, including email, is never downloaded or maintained on any portable external computer.

Content Control

All inbound internet traffic is compared to allowed content and most of it is disallowed. There is simply too much malware and other undesirable content associated with Facebook, Instagram and other social media outlets and shopping websites.

Email Washer

All emails sent to WCG go through a mail washer program to compare the sender to known spammers and authors of malware and viruses. The mail washer also denies certain file types for attachments. As a result, all ZIP and EXE files are excluded. Zipping or compressing large files is not necessary since our client portal can handle files of all sizes.

Emailed Tax Returns

Tax returns, and similar high security files, are uploaded to your Sharefile portal for safe retrieval. If you need a copy emailed to you (or others) we do that through an encrypted email using Citrix Sharefile.

Email Etiquette

Our Associate Handbook has very specific email policies and procedures including the ones above. We will never send personal information such as social security numbers, dates of birth, or passwords through email.

Client Portal

We use ShareFile by Citrix to securely allow you to upload files to us, and for us to upload files to you. They use 256-bit encryption and market themselves to firms specifically in the financial and accounting industries. Your Client Portal acts like cloud storage with one exception- all files are synchronized with our local file servers. This allows us to efficiently process your uploaded files and to back up your data locally.

Online Digital Forms

WCG has selected Formstack as our third-party provider of secure digital forms. They are best in class for ease of use, but they are also best in class for security. All sensitive information is encrypted and is never emailed. All WCG employees must enter a unique password to retrieve forms with sensitive information (such as SSN, driver’s license, and banking information).

Credit Card Payments

Credit card numbers and associated information is encouraged to be entered directly into our CanopyTax credit card processing web portal. We also accept PayPal payments as well.

Please contact us with additional questions or concerns. We wanted to briefly explain the several policies and procedures to protect your security and privacy. Thanks!