what to do now … before the big rush
data security concerns
Data security is critical, especially because the IRS requires practitioners to implement a data security plan to renew their preparer tax identification number ("PTIN"). Read this section to help understand other data security concerns.
Update or create your written data security plan, as required by applicable law. IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for Your Business, includes information on data security plan requirements. Don’t have a plan? AICPA Tax Section members can utilize the Gramm-Leach-Bliley Act Information Security Plan Template. The AICPA website also includes numerous additional resources on its Professional responsibilities in data security for tax professionals web page.
Review the firm’s controls pertaining to confidential client information.
Emphasize that firm policies regarding management and use of client information should not be bypassed due to tax deadlines. Consider updating your policies for new risks. Not sure where to start? Controlling Your Data is a good place.
Review the firm’s planned response to a data security incident, including its cyber liability insurance coverage. Don’t have an incident response plan? CNA policyholders may utilize eRiskHub. eRiskHub offers various resources, including training, to help manage data security risk.
Train all firm members on the importance of protecting client data.
Both physical and electronic data should be protected at all times, and especially during this busy time of the year. Read The Armor of Awareness to learn each firm member's responsibility to protect client data.
Be prepared for phishing emails.
As deadlines approach and CPAs become tired and stressed, they are more likely to click on a malicious link or open an attachment that contains a virus. Don’t get victimized by a cybercriminal includes tips for preparing for a cyber security incident, including phishing.