1. Review the firm’s controls pertaining to confidential client information. Emphasize that firm policies regarding management and use of client information should not be bypassed due to tax deadlines. Consider updating your policies for new risks. Not sure where to start? Controlling Your Data is a good place.
2. Review the firm’s planned response to a data security incident, including its cyber liability insurance coverage. Don’t have an incident response plan? Utilize eRiskHub if you are a CNA policyholder. eRiskHub offers many resources, including training, to help manage data security risk.
3. Update or create your written data security plan, as required by law. IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for Your Business includes information on what must be included in a data security plan. eRiskHub’s Risk Manager Tools includes sample policies that may be leveraged. AICPA Tax Section members have access to a Gramm-Leach-Bliley Act information security plan high-level template available via the Tax Technology Resource Center landing page.
4. Train all firm members on the importance of protecting client data, both physical and electronic, at all times, and especially during this busy time of the year. Read The Armor of Awareness to learn what each person at the firm can do to protect client data.
5. Be prepared for phishing emails. As deadlines approach and CPAs are tired and stressed, they are more likely to click on a malicious link or open an attachment that contains a virus.
what to do now … before the big rush
5 data security concerns to address