Security Best Practices for Your Firm
VeritGuard Knowledge Base | Best Practices
Verito manages your firm's security tools, but your team's daily habits play an equally important role in keeping client data safe. This article covers the most impactful things every employee at your firm should know and do -- from password hygiene to patch day to working remotely.
In This Article
- Five Security Habits Every Employee Should Follow
- How to Handle a Suspicious Email, Call, or Text
- Why You Should Never Save Passwords in Your Browser
- Working Remotely? Your Security Checklist
- Why Your Computer Needs to Stay Powered On Overnight
- Keeping Your Computer Healthy Between Tune-Ups
1. Five Security Habits Every Employee Should Follow
These are the highest-impact habits your team can adopt. Each one directly reduces the risk of a data breach at your firm.
- Use 1Password for every login. Never reuse passwords across different sites. Never write them on sticky notes or save them in browser password managers. Let 1Password generate and store unique, complex passwords for each account. This single habit eliminates the most common cause of data breaches: compromised credentials.
- Connect to NordLayer VPN before accessing firm data outside the office. Whether you are at home, at a coffee shop, or at a client's office, open NordLayer and click "Connect" before touching any work data. It takes 5 seconds and encrypts your entire connection.
- Read email security banners before acting. Your inbox is protected by an anti-phishing tool that adds color-coded banners to incoming emails. A yellow banner means proceed with caution. A red banner means do not interact with the email at all. Never ignore these banners.
- Lock your computer every time you step away. Press Windows + L (Windows) or Control + Command + Q (Mac) to instantly lock your screen. This prevents anyone -- a visitor, a cleaning crew member, a coworker's child -- from accessing client data while you are away from your desk, even for a minute.
- Report anything suspicious immediately. If you receive a strange email, an unexpected MFA prompt, a phone call asking for your password, or if your computer is behaving oddly, contact Verito Support right away. Fast reporting is the single most effective way to stop an attack before it causes damage. There is never a penalty for reporting something that turns out to be harmless.
2. How to Handle a Suspicious Email, Call, or Text
Attackers don't just use email -- they also use phone calls (vishing), text messages (smishing), and even physical visits to trick employees. Here is how to respond to each:
Suspicious Email
- Do not click any links or download any attachments.
- Check the email security banner -- if it is yellow or red, follow the guidance in the banner.
- If the email asks you to wire money, update payment details, share a password, or take urgent action -- verify by calling the sender directly at a number you already have on file. Do not use a phone number from the email itself.
- Click "Report This Email" in the security banner or forward it to itsupport@verito.com.
Suspicious Phone Call
- If someone asks for your password, login credentials, MFA codes, or remote access to your computer -- hang up.
- Verito will never call you and ask for your password. Neither will Microsoft, Google, or the IRS.
- If you are unsure whether the call was legitimate, call Verito Support at (844) 629-9899 to verify.
Suspicious Text Message
- Do not click any links in unexpected text messages, especially those claiming to be from the IRS, a bank, or a delivery company.
- If the message claims to be from someone at your firm, verify by calling them directly.
- Report it to Verito Support if it references your firm, your clients, or your work systems.
3. Why You Should Never Save Passwords in Your Browser
Chrome, Edge, Firefox, and Safari all offer to save your passwords. This feels convenient, but it is a serious security risk for a firm handling taxpayer data:
- Malware specifically targets browser passwords. "Info-stealer" malware -- one of the most common threats against accounting firms -- is designed to silently extract every password saved in your browser and send it to an attacker. This can happen in seconds.
- Anyone with access to your computer can see them. Browser-saved passwords can be viewed in plain text from the settings page by anyone who sits down at your logged-in machine.
- No access controls or audit trail. Browsers do not track who accessed which passwords, cannot enforce password complexity, and provide no way to revoke access when an employee leaves.
- No secure sharing. When you need to share a login with a colleague, browser passwords offer no safe way to do it -- people end up texting or emailing credentials.
Use 1Password exclusively for all password storage. If your browser prompts you to save a password, click "Never for this site." If you have existing passwords saved in your browser, you can import them into 1Password and then delete them from the browser. Contact Verito Support if you need help with this.
4. Working Remotely? Your Security Checklist
Whether you work from home regularly or occasionally take work on the road, follow this checklist every time you access firm data outside the office:
- ☐ Connect to NordLayer VPN before opening any work applications, email, or firm documents.
- ☐ Use a private, password-protected Wi-Fi network. Avoid open/public Wi-Fi without the VPN. Never use a network you don't trust.
- ☐ Lock your screen when stepping away, even at home. Other household members should not have access to client data.
- ☐ Don't let family members use your work computer. A child browsing the web or installing a game can inadvertently download malware.
- ☐ Position your screen away from public view. At airports, cafes, or shared spaces, use a privacy screen filter or sit with your back to a wall.
- ☐ Never leave your laptop unattended in a car, hotel room (unless in the safe), or public space.
- ☐ Keep your computer powered on and connected overnight on Sundays so security patches can be applied automatically.
5. Why Your Computer Needs to Stay Powered On Overnight
Verito deploys critical Windows and software security patches to your computer automatically. The designated patch window is Sunday night -- patches are downloaded and installed while you are not working, so there is no disruption during business hours.
For this to work, your computer must be:
- Powered on (not shut down -- sleep mode is fine)
- Connected to the internet
- Locked (press Windows + L before leaving)
If a computer is powered off continuously for a few weeks, it will miss critical security updates and become a compliance liability. The IRS requires that all software handling taxpayer data is kept fully updated. An unpatched computer is an open invitation for attackers.
After a patch is applied, you may see a notification asking you to restart your computer. Please restart promptly -- patches are not fully active until the machine reboots.
6. Keeping Your Computer Healthy Between Tune-Ups
Verito performs scheduled remote tune-ups on your devices (annually, bi-annually, or quarterly depending on your plan). Between tune-ups, these simple habits keep your computer running smoothly:
- Restart your computer at least once a week. This clears temporary files, refreshes system processes, and ensures pending updates are fully applied.
- Don't install software without checking with Verito first. Unauthorized software can conflict with your security tools, introduce vulnerabilities, or violate your firm's compliance posture. If you need new software, contact us and we will vet and install it.
- Keep your desktop and Downloads folder clean. Thousands of files on your desktop can slow down your system. Periodically move old files to organized folders or delete what you no longer need.
- Don't ignore "low disk space" warnings. If your computer warns you that storage is running low, contact Verito Support. We can help identify what is consuming space and clean it up safely.
- Close applications you're not using. Tax software, multiple browser tabs, and Outlook running simultaneously consume significant memory. Close what you don't need to keep things fast.
Tune-up frequency by plan: Essentials: Annual | Pro: Bi-Annual (every 6 months) | Elite: Quarterly (every 3 months)
We will contact you before each scheduled tune-up. Please leave your computer powered on and connected so we can perform the work remotely.