No industry is immune to cybercrime and the financial consequences of a data breach can be devastating – costing roughly $1.5 trillion annually (Bromium cybersecurity report).
Small to midsized accounting firms are top targets of cybercrime because they have direct access to sensitive personal and financial information, and they typically don’t have the IT defenses that big firms employ.
Last year, three different tax-themed spam campaigns spoofing ADP and Paychex hit accounting firms with versions of TrickBot, financial malware buried in an MS Excel file that silently infects devices, steals client banking credentials, and then perpetrates wire fraud from the device owner’s account. This malware gives cybercriminals total control of the device and can spread to other computers on the network.
In May 2019, a similar malware hit Wolters Kluwer, the provider of tax accounting software and cloud services to the top 100 accounting firms and 90% of Fortune 500 companies. They had to shut their systems down for several days to regain control.
Now for 2020, the FTC Safeguards Rule requires every tax professional, whether you are a partner in a large firm or a sole practitioner, and every Authorized IRS e-File Provider, to create and enact security plans to protect client data.
The new IRS Form W-12: Paid Preparer Tax Identification Number (PTIN) for Application and Renewal now includes a legal requirement for data protection:
As a result, every accounting employee should be educated about security threats, from phishing schemes to ransomware.
AllConnected offers a comprehensive solution to safeguard your taxpayer data
Contact Us to learn more and get started with smartConnect + CPA.
Some tax preparers may say, “I comply because I have PC anti-virus and everything is in the cloud, from Office 365 to hosted QuickBooks.”
But that is not enough. Does your PC have encrypted drives? Does your Microsoft subscription provide archiving, and for how long?
Can you honestly certify that your firm is fully compliant based on all the rules in the FTC Safeguards Rule Guide?
Consider SmartConnect + CPA
AllConnected’s SmartConnect + CPA managed services provide a simple, compliance-ready solution for accounting firms.
The following are included:
of SharePoint, OneDrive, and email
2 calls per month included
protection and Backup if Needed
*To learn more about improving your “zero-trust” IT security policy, consider our IT Security Awareness Training (in partnership with KnowBe4).
FTC Safeguards Rule Checklist
The following is the full FTC Safeguards Rule Checklist, in three tabs and color-coded to show how much is involved in the new data safeguard requirement, and how expansive our SmartConnect + CPA managed services are to protect your clients’ data:
The success of your information security plan depends largely on the employees who implement it. Consider these steps:
Know where sensitive customer information is stored and store it securely. Make sure only authorized employees have access. For example:
Information systems include network and software design, and information processing, storage, transmission, retrieval, and disposal. Here are some FTC suggestions on maintaining security throughout the life cycle of customer information, from data entry to data disposal: