Cybersecurity is an issue that threatens every industry, including CPA practices. The Cost of a Data Breach Report found that the “average global cost of a data breach...was $3.92 million in 2019”.
It’s more important than ever for CPAs to develop a data security plan to protect clients’ private information. In some cases, having a plan is a matter of federal and state law.
We offer 3 steps for battling cyber thieves in your CPA practice.
Why A Cybersecurity Plan Matters
As a CPA, you handle a lot of sensitive client data. Social Security numbers, tax ID numbers, bank account numbers, and similar information are prime targets of cybercriminals. In some cases, the thieves can actually file fake tax returns and defraud your clients of their tax refunds.
The Cost of a Data Breach Report found that the top 3 causes of data breaches in most enterprises are:
- Malicious & criminal attacks (51%)
- System failures & glitches (25%)
- Human error or neglect (24%)
Developing an information security plan is vital in order to shore up vulnerabilities and protect sensitive data. Here are three steps to take in creating an IT security plan.
Step 1: Update Antivirus Software
The most basic information security plan should start by using antivirus software or apps. Be sure to keep this software updated. It serves as your first line of defense.
Step 2: Educate and Train Your Employees
Many data breaches occur because of risky behaviors on the part of employees. Phishing schemes and emails that contain malware are popular tools of cyber thieves. These schemes are designed to steal data or invade networks when someone clicks on malicious links.
Downloading illegal software or content and visiting unauthorized websites can also put your system at risk.
To protect your data, it’s important to train employees and establish cybersecurity protocols for them to follow.
Step 3: Comply with Federal and State Regulations
Federal law requires all CPA firms to create a written data security plan. Many states have laws that surpass federal statutes, so make sure you are familiar with those regulations as well.
The Financial Services Modernization Act of 1999 set new guidelines for financial entities, including CPAs.
The FTC Safeguards Rule states that professional tax preparers must enact information security plans in order to protect client data.
A data security plan template must include:
- Designating employees to coordinate an information security plan
- Identifying risks that affect client information
- Evaluating the effectiveness of current cybersecurity measures
- Designing & implementing safeguard programs
- Monitoring & testing safeguard programs
- Selecting a service provider to maintain safeguards
- Making adjustments to your IT security plan as needed
For complete regulations, download “Protect Your Clients; Protect Yourself: Tax Security 101”. The report outlines guidelines as part of a Security Summit awareness campaign in conjunction with the IRS.
Protect Your Clients, Protect Your Business
It is vital for CPAs to develop a security plan in order to protect sensitive client data. Failing to do so can cost you millions. It can also lead to fines or legal action if you don’t comply with federal and state regulations.