CPA Cyber Security Obligations and Exposure Response
In the normal course of operating a firm, CPAs acquire significant amounts of confidential client information, including large amounts of personally identifiable information, which they have a responsibility to protect. In addition to being targeted by network hackers for ransomware attacks, firms hold client information that is a lucrative treasure trove for hackers to monetize. This makes accounting firms of all sizes a potential hacker target.
We Want To Give You A Free Cyber-Security Risk Assessment That Gives You The Answers You Want And The Certainty You Need
https://www.impresscomputers.com/cyberaudit/
Cyber protection is regulated
The handling of taxpayer data includes an obligation to take measures to protect against hackers, and securing taxpayer data is a legal requirement. The Financial Services Modernization Act of 1999 gave the Federal Trade Commission the authority to set regulations for paid tax preparers, which required them to enact security plans to protect client data. These regulations also imposed criminal and monetary penalties for making unauthorized disclosures of taxpayer information. To assist with compliance, the IRS provided guidance to help with awareness of adequately protecting client data and the use of antivirus and malware applications, firewalls, multi-factor authentication, encryption, backup software, and virtual private networks.
Obligation to maintain confidentiality
CPAs need to implement best practices to protect confidential client information from the time of that data’s initial acquisition to its eventual lawful destruction. It is important that internal training includes a discussion on keeping data impacted by these technologies confidential. Firms need to discuss the assignment of appropriate access rights to digital applications for both firm members and clients. Additionally, the impact of remote work needs to be emphasized, not only in client or public spaces but also when working from home, where family members may be able to see screens or overhear conversations.
How to know if you’ve been hacked
Even with a comprehensive cybersecurity plan in place, a firm’s IT network and resources can still become compromised, so it is important for personnel to know how to respond in the event of a breach. Educating personnel so that they can identify the warning signs of a data breach is the first step. Breach indicators can include notifications of changed passwords, odd emails being received, tax returns being inexplicably filed, bank routing information being changed, returns being rejected because they were already filed, or, in the worst case, a ransomware notice that all files have been encrypted.