FTC Safeguards Rule for Accountants Impact IT
The Federal Trade Commission (FTC) has ruled that all accountants that are paid tax preparers must create a written data security plan (AKA risk assessment) to protect client data. Not only must a risk assessment be completed, but the accountant must also select a service provider who can maintain appropriate safeguards required to protect client data.
These rules are collectively known as the FTC Safeguards Rule and have a clear impact on IT support for accountants that prepare taxes.
We have been working with Next Century Technologies (NCT) for over a year now. Their team is knowledgeable, polite and punctual in responding to our requests.
- Chrysantha Clark, Meridian Wealth Management
Our IT Support for Accountants
All of our Managed Service Plans Include:
- Antivirus/antimalware security software provided for all computers and servers
- Satisfaction guarantee!
- IT Consulting Services:
  - 24/7/365 support!
  - Help with picking out new hardware and software
  - Help with selecting an internet provider and speed
  - Help dealing with the internet provider when there’s a problem
  - Bi-annual tech assessment and roadmap
- Friendly and responsive technical support for your staff includes:
  - Priority response guaranteed with our Service Level Agreement (SLA)
  - Four ways to open a ticket: by phone, by web portal, by e-mail or in-person
  - E-mail help including e-mail encryption support
  - Both on-site and remote support
  - Flat-rate prices for new PC setups
  - Domain name help
  - Help with Microsoft and Office365 applications
  - Troubleshooting of Windows operating systems
  - Troubleshooting of Server operating systems
- Maintenance of desktops and servers including:
  - 24/7/365 monitoring of computers, servers, switches, firewall and internet
  - Patches and updates for operating systems
  - Patches and updates for Microsoft products
  - Backup monitoring and testing
  - Monitoring of server event logs
  - Hardware lifecycle management and inventory
  - Systems documentation
  - Uninterruptible power supply (UPS) monitoring and testing
- IT Management:
  - User management (add/delete/change)
  - Firewall management
  - Switch management
  - Wireless management
- Free on-site travel for Fayette and surrounding counties
For CPAs and accountants we also add:
- A security risk assessment (SRA): We find the gaps in your cybersecurity and help develop a plan to remediate them.
- Dark web monitoring: Proactively monitor the dark web for your staff’s credentials. The sooner they are notified, the better. Staff can also scan the dark web for their personal accounts and those of friends and family!
- Continuous Education: Weekly 2-minute micro training videos with a quiz, combined with a monthly security newsletter and annual training, keep cybersecurity top of mind and engaging.
- Simulated phishing campaigns: Who falls for it? Who passes? Keep your staff on their toes!
- Outlook plug-in to check for phishing: Not sure if it’s a phish? This little plug-in can help!
- A set of written security policies and policy acknowledgement: Our online document portal contains a variety of customizable security policies from BYOD to Security Incident Response.
- Interactive leaderboard: For staff, an interactive leaderboard inspires friendly competition for continuous education. For managers, employee names are featured with a report for performance evaluations, plus you can track who needs more help!
- Password management software: Who can remember unique passwords for everything? You can! With the help of our password management software designed and secured for business, you and your staff can keep up with all your passwords without writing them down!
Our ProCare Managed Services are Unmatched in Quality
Ensure You are Compliant with the New Guidelines for Accountants
You, as an accountant and professional tax preparer, touch some of the most critical data known to a business owner – the books! It's no surprise that the Federal Trade Commission (FTC) has ruled that all accountants who are professional tax preparers must create a written data security plan (AKA risk assessment) to protect client data. Not only must a risk assessment be completed, but the tax preparers must also select a service provider who can maintain appropriate safeguards required to protect client data.
I can confidently recommend Next Century Technologies as a solid and reliable business partner and experts in their field.
- Brian Klink, Century Bank
Why the change?
Thieves use stolen data from tax preparers and accountants to create fraudulent returns that can be harder for the IRS and state tax agencies to detect.
Next Century Technologies has the experience to help you meet these requirements. We’ve been helping community banks and HIPAA entities with these same challenges since 2012. We are here to help you improve cybersecurity, train your staff, and provide the monitoring and management needed to meet the requirements detailed by the IRS.
We have the safeguards to keep your computers secure:
Our managed IT service agreements allow us to monitor and manage your IT environment, as well as provide help desk support for any IT-related issues that may occur. We will also help develop your risk assessment remediation plan and find the best solution for correcting critical vulnerabilities.
Our Elite Managed Service Plan includes the following cybersecurity protections and features:
- A security risk assessment: We find the gaps in your cybersecurity and help develop a plan to remediate them.
- Dark web monitoring: Proactively monitor the dark web for your staff’s credentials. The sooner they are notified, the better. Staff can also scan the dark web for their personal accounts and those of friends and family!
- Continuous Education: Weekly 2-minute micro training videos with a quiz, combined with a monthly security newsletter and annual training, keep cybersecurity top of mind and engaging.
- Simulated phishing campaigns: Who falls for it? Who passes? Keep your staff on their toes!
- Outlook plug-in to check for phishing: Not sure if it’s a phish? This little plug-in can help!
- A set of written security policies and policy acknowledgement: Our online document portal contains a variety of customizable security policies from BYOD to Security Incident Response.
- Interactive leaderboard: For staff, an interactive leaderboard inspires friendly competition for continuous education. For managers, employee names are featured with a report for performance evaluations, plus you can track who needs more help!
- Password management software: Who can remember unique passwords for everything? You can! With the help of our password management software designed and secured for business, you and your staff can keep up with all your passwords without writing them down!
What is a data security plan AKA risk assessment?
As a reminder, one of the most important aspects of complying with the IRS is to create a data security plan or security risk assessment to evaluate how an organization is protecting client data.
“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.”
Many in the tax professional community do not realize they are required under federal law to have a data security plan. It is the document that will first be looked at in any type of audit or investigation.
According to the IRS online publication titled “Tax Security 2.0 – A ‘Taxes-Security-Together’ Checklist,” each tax preparer’s company, as part of its plan, must:
- designate one or more employees to coordinate its information security program;
- identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
- design and implement a safeguards program and regularly monitor and test it;
- select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
- evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances. The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operations.
Why is a security risk assessment so important?
Why is the SRA so important? Simply put, the output of the SRA will give you recommendations on how to reduce the risk of a data breach, which in turn reduces fraud.
How does it work?
The SRA looks at all systems that contain client data. It evaluates all the threats to that data, looks at all vulnerabilities in the systems that contain the data and evaluates the current protections that are in place to protect the data. Based on all of the information that is gathered and evaluated, the results of the SRA will show the areas of greatest risk of a breach, and provide a playbook (we call it the Work Plan) for how additional protections can lower the risk of a breach of client information.
In addition to providing recommendations on how to reduce the risk of a data breach, the SRA process is widely considered to be a best practice in cybersecurity circles. Cybersecurity is an issue for all organizations to deal with, not just tax preparers. Many organizations including banks and HIPAA-covered entities conduct regular SRAs as a way of reducing risk in their business and helping keep their business systems operational.
There are several methods used to perform an SRA. We follow the standards set by the National Institute of Standards and Technology (NIST). For many organizations, an SRA can be a time-consuming process. Not so with us! We have perfected a process that minimizes the amount of time required to perform a comprehensive SRA.
As mentioned above, the SRA will point out areas where the risk of a data breach can be reduced. A key point is that it is not possible to eliminate all risks. No matter how much an organization spends to implement additional security measures, some risks cannot be completely eliminated. The goal of implementing the recommendations of a risk assessment is to lower risk to the point that it is acceptable to the organization.