By Angel R. Rojas, Jr., DataCorps Technology Solutions, Inc.
It’s May … a month has passed since tax season ended and CPAs are returning from vacation, preparing to get back into the swing of things. On their dockets are items they put off because they had to focus on taxes, a huge chunk of their revenue. Among those items are audits, marketing, administrative tasks, IT, catching up on emails, and planning for the next round of returns due in September.
Wait, did I just mention IT? Yes, I did. One of the major things CPAs address over the summer is IT and, this year, cybersecurity should be on their minds.
Why? Multiple reasons. For one, a major vendor of theirs was hacked, so awareness is heightened around that incident. More importantly, the IRS is making a big push for cybersecurity.
In an email dated March 27th (and in some sent as far back as September of 2018), the IRS has been reminding CPAs that a security plan is not optional. Heavy penalties can be levied, including the risk of a Federal Trade Commission investigation, if a plan is missing or not being followed. Sadly, the majority of closely held CPA firms are ill-prepared to fulfill any of these requirements.
To help them, the IRS has prepared Publication 4557, a surprisingly easy-to-read document outlining basic requirements that are flexible enough so that companies can implement safeguards that are reasonable for their own circumstances.
While the document is easy to read, CPAs may not necessarily be qualified to implement these safeguards and that’s where we, their trusted IT advisors, come into play. Let’s take a look at some of the recommendations and what we can do to help them create and execute a plan.
A word of warning: You should be doing this at your own MSP. The IRS and FTC are advising CPAs to “select service providers that can maintain appropriate safeguards” and “when signing a contract with a service provider, the [firm] should make sure the contract requires the provider to maintain safeguards and oversee their [own] handling of customer information.” Yes, you read that right: CPAs are being advised to put us under the microscope, too, so do not get caught with your pants down!
Finally, when CPAs get back to their busy seasons, don’t forget to market to mortgage brokers, payday lenders, nonbank lenders, personal property or real estate appraisers, professional title service firms, and others who fall under the FTC’s “financial institution” definition. They have the same requirements and, by then, you should have plenty of practice performing the assessments and running through the plan!
About The Author
Angel R. Rojas, Jr. is president & CEO of DataCorps Technology Solutions, Inc.