By Randy R. Werner, CPA, JD, LLM/Tax
The widespread growth of remote work is opening new access points and vulnerabilities for hackers to exploit. CPA firms are already target-rich environments for identity thieves, and any new vulnerabilities exacerbate the profession’s cyber-related challenges. Data security has become an urgent concern for the accounting profession.
Clever hackers have many ways of exploiting CPAs facing tax-filing deadlines, especially when firms have outdated software, vulnerable email systems, and inattentive employees. As the sophistication of hackers and other cybercriminals increases, so do the types of threats and the scope of data breaches.
Ransomware attacks have increased exponentially for all types of businesses and institutions, ranging from small and medium-sized entities to large organizations. For example, Michigan State University (MSU) and the University of California at San Francisco (UCSF) have both been victimized, according to media reports. MSU opted not to pay the ransom demanded, a decision that culminated in personal information and financial documents being published online. UCSF opted to pay a $1.14 million ransom demand to recover malware-encrypted data. CPA firms, too, have been experiencing a surge in ransomware attacks over the past couple of years.
Firms must be extra diligent in following established security measures and safeguards. Remind all employees of the importance of strict adherence to security protocols and established safeguards.
Although not meant to be all-inclusive, the following basic best practices are extremely important and should be prioritized:
The IRS requires tax return preparers to comply with the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which establishes minimum requirements for protecting sensitive client data. Requirements include having in place a written information (data) security plan, periodically reviewing the effectiveness of the program, and reassessing the risk factors as well as any material changes to the firm’s operations.
Periodically assessing the appropriateness of your security measures and safeguards – given any changes that you may have had to your firm’s operations, as well as any changes to potential internal and external security risks – is a critical step to ensure your firm’s overall preparedness. Set aside some time to review the safeguards and make changes necessary to ensure that you have the right measures in place to protect your clients’ information.
Special attention should be given to ensuring your firm continues to prioritize appropriate cybersecurity awareness training. Scheduled training may have been interrupted due to the pandemic, or the training may require updating to address pandemic-related threats to your existing protocols and infrastructure.
Review and enhance, if necessary, your firm’s incident response plan. There is no substitute for taking appropriate cybersecurity precautions, but it is also important to plan for the worst and have in place a comprehensive incident response plan.
A firm’s effort to comply with the GLBA Safeguards Rule is an organization-specific initiative. As such, CAMICO recommends that each firm work with its IT/cyber specialists and legal counsel, as appropriate, to modify and tailor the firm’s incident response plan to ensure compliance with GLBA’s Safeguards Rule and other applicable laws.
Visit the IRS’s website for detailed guidance. You can also refer to IRS Publication 4557, Safeguarding Taxpayer Data, for additional guidance. This publication details critical security measures that all tax professionals should have in place.
Randy R. Werner, CPA, JD, LLM/Tax, is a loss prevention executive with CAMICO. She responds to CAMICO loss prevention hotline inquiries and speaks to CPA groups on various topics. She can be reached at rwerner@camico.com.