what to do now … before the big rush
data security concerns
Data security is critical, especially since the IRS began requiring practitioners to implement a data security plan in order to renew their PTIN. Read this section to understand other data security concerns.
Update or create your written data security plan, as required by law.
IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for Your Business, includes information on data security plan requirements. Don’t have a plan? AICPA Tax Section members can utilize the Gramm-Leach-Bliley Act Information Security Plan Template.
Review the firm’s controls pertaining to confidential client information.
Emphasize that firm policies regarding management and use of client information should not be bypassed due to tax deadlines. Consider updating your policies for new risks. Not sure where to start? Controlling Your Data is a good place.
Review the firm’s planned response to a data security incident, including its cyber liability insurance coverage.
Don’t have an incident response plan? CNA policyholders may utilize
. eRiskHub offers many resources, including training, to help manage data security risk.
Train all firm members on the importance of protecting client data, both physical and electronic, at all times, and especially during this busy time of the year.
Read The Armor of Awareness to learn each firm member's responsibility to protect client data.
Be prepared for phishing emails.
As deadlines approach and CPAs become tired and stressed, they are more likely to click on a malicious link or open an attachment that contains a virus.