Review the firm’s controls pertaining to confidential client information. Emphasize that firm policies regarding management and use of client information should not be bypassed due to tax deadlines. Consider updating your policies for new risks. Not sure where to start? Controlling Your Data is a good place.
Review the firm’s planned response to a data security incident, including its cyber liability insurance coverage. Don’t have an incident response plan? Utilize
if you are a CNA policyholder. eRiskHub offers many resources, including training, to help manage data security risk.
Update or create your written data security plan, as required by law. IRS Publication 4557, Safeguarding Taxpayer Data: A Guide for Your Business, includes information on what must be included in a data security plan. eRiskHub’s Risk Manager Tools includes sample policies that may be leveraged. AICPA Tax Section members have access to a Gramm-Leach-Bliley Act information security plan high-level template available via the Tax Technology Resource Center landing page.
Train all firm members on the importance of protecting client data, both physical and electronic, at all times, and especially during this busy time of the year. Read The Armor of Awareness to learn what each person at the firm can do to protect client data.
Be prepared for phishing emails. As deadlines approach and CPAs are tired and stressed, they are more likely to click on a malicious link or open an attachment that contains a virus.
what to do now … before the big rush
data security concerns to address