By Torpey White, CPA, CITP, CISA

You have filed your tax return, and you have worked through either the joy of getting a refund or the disappointment of having to pay more tax. Now what? Well, first you should file the documents somewhere safe and keep them for at least three years after the due date of the return. And second – though this isn’t talked about very often – change your passwords.

If you are like the majority of taxpayers, during the process of preparing and gathering the documents you needed for filing this year’s return, you more than likely needed to log into a website – whether it was your bank, investment fund company, retirement plan administrator, or health savings or flexible spending account institution – to access important financial information. These documents contain sensitive information, a partial picture of your financial life. What would you do if someone else was able to access it, change it, move it, or delete it?

I think the end of tax season is the perfect time to think about changing the passwords to most, if not all, of the websites storing your financial data. Think of it like an identity security ritual similar to the changing of the batteries in smoke detectors that we do when changing the clocks in the fall.

Changing your password on a regular basis (no less than a year) to any website you use is a smart idea. Threats to your financial data are present all the time, whether or not you know about them. While the breaches of data announced on the news are easy to react to, the breaches you don’t know about can be especially threatening. Not every breach of data makes the news, and many are reported long after the actual crime has happened. Sometimes your data may have been compromised and you won’t know about it.

Hackers use data such as usernames and passwords to gather as much information as they can about you, and then use it against you or sell it to other thieves. By routinely changing your passwords, you make a portion of the data that was stolen useless or harder for the thieves to use. Thieves want easy access to data; they don’t want to work hard to get it. For U.S. citizens, the first four months of each year are a great time for hackers to troll for data because so many people are logging into various accounts to obtain their tax information. Let’s say you become a little stressed during tax prep time and are not thinking clearly: one click on a link from what looks like a legitimate site can turn out to be a hacker sending you to a site that grabs your username and password.

Tax season is over, and you are likely thinking about summer plans and getting outside. But before you file away all your papers and put on your shorts and sunscreen, change those passwords. You will be glad you did.

Torpey White, CPA, CITP, CISA, is a partner, risk advisory and forensic services, with Wipfli LLP in Media, Pa. He can be reached at twhite@wipfli.com.