There’s no doubt that accountants everywhere should follow these guidelines to avoid penalties. But the more important risk to mitigate is the possibility of a breach itself. Several studies estimate that almost 90% of cyber breaches were the result of human error. When passwords are shared in unsafe ways, or email platforms are not double secured, it puts sensitive client data like banking logins and payroll system passwords at risk.
The industry data suggests that accountants specifically are becoming prime targets for international cyber criminals, intent on stealing identities and sensitive information. You are the custodian of your client banking logins, payroll passwords and taxation information – and as such, you hold an incredible weight of responsibility to protect that data and the way that it’s used.
Practice Protect ensures that you meet and exceed the IRS 4557 guidelines. With over 13,000 active accountant customers worldwide, it has become the industry’s most widely accepted digital security tool. Whether through single sign-on functionality, one-click user off-boarding, or locked access times and password cloaking for employee groups, Practice Protect puts in place many of the processes that a data security plan includes, simply by deploying it into your accounting firm.
However, a data security plan is still required in order to satisfy the W-12 PTIN renewal form Question 11. It states:
11. Data Security Responsibilities
I am aware that paid tax return preparers must have a data security plan to provide data and system security protections for all taxpayer information.
In order to tick this box in good faith, a data security plan must exist and be circulated to your entire organization (preferably with training).
So what should a compliant data security plan include? At Practice Protect, we offer a data security plan template for all clients, as a part of our Practice Protect University (PPU). The PPU is free for all customers and contains a wealth of resources and templates that assist accounting firms in compliance, training, digital security and up-skilling. We consulted with top-tier attorneys to create an industry-standard data security plan so that you wouldn’t have to. For those readers who are not Practice Protect customers, here’s a list of what should go into your data security plan.
Download our guide below to see the full list.
It includes self-assessment protocols and cadence for employees, privacy notices and practice policy disclosures for clients, written security policies of all service providers, facilities security protection and procedures in event of disaster, and more.
All accounting firms in the United States that are tax preparers are required by the FTC Safeguards Rule and IRS 4557 guidelines to have in place an information security plan which outlines the protocols and processes that protect customer information and guard against data breaches. This is reinforced by Q11 on the W-12 renewal form. “Do I satisfy the requirements to tick the Q11 box?” is an important question all firms need to ask well ahead of time. There are other reasons this should become a priority for every accounting firm:
It’s a lot to take in – the data security report should be both an audit document (allowing you to take stock of your situation) and an active document (with the processes and protocols in place in the case of an adverse event).
“This has helped with my security, with me being up in the middle of the night, worried about our client data. I don’t do that anymore because it’s all securely protected by single sign-on and auto-generates. I just don’t have to worry about that.”
“While we were vetting Practice Protect, one of our clients had a hack. So we’re having this discussion on the one hand with a client who’s freaking out, and then on the other hand with Practice Protect, and I’m just like, ‘This is a no-brainer, sign us up.’ Don’t be a statistic.”
“You gave us a lot of support during that process, it was smooth and user-friendly. The team did a great job of holding my hand through the process.”