Cyber Security is necessary for businesses of every size. With the exponential increase in ransomware attacks and phishing schemes, no business is safe without a Cyber Protection plan and consistent monitoring through a credentialed Cyber Security firm. In fact, CPAs have recently been targeted more aggressively. That’s why Cyber Protection for CPAs isn’t just a smart business practice; it’s a requirement. CPAs and Tax Accountants are required by the IRS to establish and continually maintain a Written Information Security Plan (WISP) to protect the firm’s data.

Why Is A WISP Important?

As a CPA, you are trusted by your clients with a great deal of personal and professional information. Your clients expect you to properly safeguard their data, and it’s your responsibility to do so. Failure to safeguard data can result in serious consequences for your firm. In the event of a cyber breach, your systems may not be available and data may disappear. In addition to significant lost revenue, your reputation and the reputation of your firm are at risk. Data breaches are required to be disclosed to the IRS and the clients they affect. Many firms don’t recover from these devastating events.

What Is A Written Information Security Plan (WISP)?

Federal law requires all professional tax preparers to implement a data security plan in accordance with IRS Publication 5708. A WISP is a written plan that details the protocols, processes, and systems your firm has in place to protect your firm and your data from cyber breaches, attacks, and other threats that may compromise your data. 

Primary requirements of a WISP include:

  • Designate an employee or group of employees who are responsible for implementing, maintaining and updating the WISP and all required processes and protocols contained in it.
  • Evaluate your company’s customer information across all relevant areas, understand the risks that may be putting your data in jeopardy, and evaluate the effectiveness of safeguards you currently have in place.
  • Design and implement a data security program. Evaluate and test it regularly.
  • Work with service providers that can help implement required safeguards, oversee their efficacy, and continually evaluate ongoing risks.
  • Maintain and adjust your WISP as needed. Ensure it’s kept up-to-date and expanded as your business grows, adjusting for shifts in your business environment, keeping in mind that data security risks continue to grow in number and sophistication.

How Do I Know If My Firm Is In Compliance With Data Security Requirements?

Partnering with a credentialed firm of Cyber Security Engineers who specialize in protecting CPAs is the first step. The requirements of a WISP aren’t completed once the plan is in place. A WISP requires ongoing maintenance, monitoring, and evaluation. Most firms need an experienced partner to help with that. You may be working with an MSP or “IT Guy” who set up your firewall or anti-virus software, but those basic services won’t satisfy the current data security requirements.

At ControlAltProtect, we specialize in Prevention, Detection, Response, and Recovery for CPAs. We’ll help ensure your firm is in compliance with all requirements, and most importantly, we’ll help protect your business and your clients from the growing threats of cyber crime. Contact us today at 877-CYBER911. We’ll start by taking inventory of your current data security environment and working with you on a solution that’s customized to your needs.