Three Questions CPA Firms Should Consider To Avoid Compromising Client Identities

In the previous post, we talked about why IT and Technology is important to your business and what it could potentially be costing you.

Today, we have a different story about technology and losing data.

A quick story…imagine walking into your office on a Saturday morning during tax season to find a staff member waiting for you with sweaty palms and a look of terror on her face. She takes a while to get the words out, but you soon discover that she backed up some client files to an unencrypted flash drive and dropped it in her purse before going to “happy hour” the night before.

Upon returning to her table from the restroom, she notices her purse is gone. She had been preparing payroll tax returns for several clients with multistate locations, and the flash drive that she dropped inside contained payroll data such as names, Social Security numbers, addresses, salaries, and wages.

At this point, you’re probably starting to sweat from the stress and you undoubtedly have tons of questions.

  • What other data was on this flash drive?
  • Which records were exposed?
  • What information should be shared with your staff?
  • How should they respond to related inquiries?
  • How and when should the firm break the news to affected clients?
  • Is the clock ticking on state law requirements to notify affected businesses and individuals?
  • Does state law require you to offer credit monitoring services to affected individuals?

CPA firms and other regulated industries have made great strides in embracing technology. Electronic data management systems, client portals, and cloud-computing has helped the ease of doing business. However, there’s been tons of discussion recently around the importance of data and information security.

For CPA firms, as an example, it’s because tax professionals are prime targets for identity thieves that want to steal your client data, and it’s happening at an alarming rate.

Cybercriminals don’t give up. They’re crafty using techniques to gain access to your systems, steal sensitive data, even file fraudulent tax returns and create financial havoc for you and your clients. Securing this data is a necessity for every business, included regulated ones.

Create and maintain a technology security plan

Creating and maintaining a technology and security plan should top the list of things to do to fight technology and cyber-crime issues.

The Federal Trade Commission requires all financial institutions (yes, even CPA’s and tax return preparers) to have a data security plan. Your plan should be designed to protect sensitive taxpayer data entrusted to you.

While a technology security plan does not guarantee that your business will not be targeted, it WILL help you identify what aspects of your business may be vulnerable and how to improve your security related to those vulnerabilities.

3 ways criminals can steal data

Cybercrime is devastating to any firm and business, and its clients.

Here are three of the most common methods of data theft and cybersecurity.

  1. Phishing. Phishing is an attempt by hackers to obtain confidential information from internet users, typically through a web page or an email that masquerades as a trusted source. Believing the request to be legitimate, people can be tricked into freely divulging their details


  1. Malware. Malware is malicious software that’s typically delivered to a computer through email attachments and automatically installed on the machine to extract sensitive data, including computer viruses, worms and spyware.


  1. Ransomware. Ranomsware is malware that encrypts and locks people’s keyboards or computers to prevent them from accessing their data and leaves instructions — usually for a fee — to regain access.


Avoid these 3 pitfalls by having a technology relationship that guides you to being prepared to overcome these.

Technology can be a mess. Let us take it off your hands, so you can do what you do best. Fill out the form below to schedule time to learn how we can become your technology partner.

Ready to Make Technology Work For You?

  • This field is for validation purposes and should be left unchanged.