Cyber security is an ongoing and growing threat to all businesses, but for accounting firms it is especially problematic given the volume, sensitivity, and critical nature of the information that is received in various formats and handled on a daily basis, often by multiple people. In addition, the potential for a cyber breach involving a firm’s client information can have a devastating and potentially terminal impact on its reputation and viability. This makes remaining vigilant about the latest cybersecurity measures a critical part of protecting your practice and ensuring the continuity of your business.
An important development in cybersecurity protection has emerged over the past several years: many insurers are eliminating or significantly reducing the coverage that was typically available under cyber liability insurance policies. This means that in order to keep pace with the best practices necessary to protect your firm, having cyber liability coverage is no longer enough. Now is the time to mitigate as many risks as possible using this cyber security checklist from Securex, a company which specializes in data security plans for accounting practices:
- Learn about the current IRS requirements and recommendations for a data security plan specific to tax preparers as well as other regulations and risks to which your firm may be exposed.
- To begin, conduct a thorough cyber liability assessment to identify the potential risks for your firm. As the IRS requires, appoint a member of your team as the official 'Information Security Officer' who oversees the creation of your plan.
- Using this assessment, look for gaps in your current coverage.
- Create a plan to close these gaps: a comprehensive assessment of where your firm’s cyber liabilities stand at present and the specific steps you need to take to address them and prevent future issues.
- Compare liability insurance policies and cyber riders to select coverage that maximizes your protection at a reasonable cost.
- Create and update the required documentation for the IRS, other governing bodies and any insurer you are working with, and lay out a written plan for how you are protecting your clients’ data and all of the sensitive information your firm handles.
- Ensure that the data security and cyber risk mitigation plan and the associated training are distributed to your employees and to any third parties who need to be aware of them.
The steps above will help your firm prepare for the reality of today’s cyber security environment, which is dynamic and requires a proactive, planned approach to protecting your firm. Above all, having a plan in place to identify, monitor, and address the risks specific to your firm’s services is imperative: it can mitigate the potentially disastrous costs of falling short of compliance requirements (such as the GLBA/FTC Safeguards Rule, the IRS Data Security Plan, state-based requirements such as the New York SHIELD Act and NYDFS regulations, and federal regulations including HIPAA), IT remediation, client notification, and legal action and fines from clients, third parties or government agencies in the event of a breach.
While a cyber liability insurance plan may cover some of these items, such plans are costly and often contain ambiguity about breaches, what is covered and who is at fault (often shifting responsibility to your firm). To mitigate as many risks as possible, you need to take a multi-pronged, perpetual approach, in contrast to a once-a-year insurance review that will leave your firm exposed to emerging threats. Few firms have the in-house expertise required for this level of surveillance, which is why, in addition to planning and using the above checklist, you may also wish to consider engaging a third-party cybersecurity and compliance specialist who can help you keep your firm, client data and clients as safe and secure as possible.