Lake Saint Louis, Missouri

CPA's & Cyber Security June 4, 2019


Imagine your CPA getting hacked and, suddenly, all of your data is for sale on the Dark Web.


Someone opens a credit card in your name, your bank accounts are empty, and when you file your taxes you get a note from the IRS saying that they show you have already filed.


Well, guess what, this and a lot more could happen to you!


The IRS has been pushing CPAs to get their data secured for months now, but have they?


In an email dated March 27th, and in others going back as far as September of 2018, the IRS has been reminding CPAs that a security plan is not optional. Heavy penalties can be levied, including the risk of a Federal Trade Commission investigation, if a plan is missing or not being followed.


Sadly, the majority of closely held CPA firms are ill-prepared to fulfill any of these requirements.


To help them, the IRS has prepared Publication 4557, a surprisingly easy-to-read document outlining basic requirements that are flexible enough so that companies can implement safeguards that are reasonable for their own circumstances.


While the document is easy to read, CPAs are not necessarily qualified to implement these safeguards.


Let’s take a look at some of the guidelines established by the IRS.


Assign a champion.


CPAs understand they hold some of the most private and sensitive information about their clients, so the standards should be high when building the plan. In order to be successful doing this, someone at the firm must take ownership of the process and responsibility for the firm's adherence as time goes on. Without an internal champion, this compliance will be an exercise in futility.


Perform a risk assessment.


The first step in addressing cybersecurity is always to assess the risks. There are plenty of templates and examples of risk assessments available — choose one and stick with it. This should be completed in a collaborative manner.


Implement protections.


Once the risk assessment is completed and you know the risks and what needs to be protected, a sensible number of protections should be implemented. They may include security monitoring, next-gen antivirus, improved firewalls, backups and disaster recovery planning, security training, two-factor authentication, and the removal of some conveniences such as remote access, if appropriate.


These specific protections are not mandated by the IRS; the steps taken should be determined based on the assessments and ongoing evaluations. A new assessment should be performed whenever anything changes on the network, in addition to the one conducted every year.


As part of the ongoing evaluation, the new protections and controls should be tested to ensure they are functioning as planned, and systems should be updated as needed.


It’s time you tell your CPA that if they don’t secure your data according to IRS Publication 4557, you’ll take your business elsewhere.









Published by Angel R. Rojas, Jr
