
Tax preparers are likely cybercrime victims. Developing a cybersecurity plan and purchasing the right insurance will help keep your firm safe.
Tax preparation companies attract cybercrime like magnets collect iron shavings. The reason is plain to see: They are a treasure trove of valuable personally identifiable information (PII), including current and former tax returns. But an actual data breach isn’t inevitable. Tax preparers can protect their clients and firms by instituting a cybersecurity plan and purchasing cyber liability insurance for small businesses.
Tax Professional Cyber Risks Are Mounting
A well-documented cyberthreat entails criminals breaking into your computers to steal client PII or tax returns. They leverage this data to perpetrate identity theft that can lead to thousands of dollars in client losses and legal headaches for you.
A similar fraud involves sending emails asking tax preparers to update their tax-preparation software. When preparers click on the link, criminals install malware on their computers, allowing the criminals to generate phony client tax returns and claim undeserved tax refunds.
A third scheme asks tax preparers to update client bank accounts. When it comes time to remit funds to the client, the money goes to the hacker’s account, not the client’s.
Another common fraud involves ransomware. When tax preparers click on nefarious email links or attachments, they end up downloading malware that attacks their computers, holding files hostage until they pay a ransom.
Finally, with the burgeoning use of cloud-based accounting and tax-preparation applications, criminals exploit security vulnerabilities that allow them to steal client tax returns and prepare new tax returns claiming illegitimate tax refunds.
These are just a few typical frauds cybercriminals perpetrate on tax professionals. The good news is that your firm doesn’t have to suffer damage from a cyber-breach. If you develop a stringent cybersecurity plan, which federal law requires, and buy cyber liability and data breach insurance, you’ll be well on your way to preventing future attacks.
Cybersecurity Basics for Tax Professionals
The federal government means business when it comes to tax-preparation firm cybersecurity. The Gramm-Leach-Bliley Act requires that tax professionals create a data security plan to protect client data. It should be customized, reflecting the nature of your business and the clients you serve. The Federal Trade Commission (FTC) is the enforcement agency for tax firms, which must comply with its “Safeguards Rule.”
The more sensitive client information you store locally or on the cloud, the more carefully you need to protect it. Typically, your security measures should involve:
- Employee training
- Company IT systems
- Intrusion detection systems
The IRS publication Safeguarding Taxpayer Data: A Guide for Your Business is an excellent resource for tax preparers wishing to protect their clients and themselves against cybercrime.
A key defensive measure is to identify the specific client PII stored on your computers. Look for and protect client data, such as names, addresses, W-2 and 1099 forms and tax returns. The IRS recommends a robust defense of client PII entailing the following steps:
- Secure all PII stored locally and on the cloud. Ensure that only employees with proper credentials have access to it.
- Make client data available only to employees who present a valid password. Also, make sure to archive the information in a secure place.
- Store PII only on computers that are inaccessible to the internet.
- Use appropriate standards when sending data over the internet (example: Secure Sockets Layer or SSL).
- Always encrypt PII before sending it via email. Where possible, avoid email altogether and use Secure File Transfer Protocol (SFTP) instead.
Two other important points: train your team on cybersecurity and frequently test your data security measures for flaws.
All employees must agree in writing to adhere to your cybersecurity plan. But agreement is just the starting point. They also need to know how to implement common-sense security techniques. These include always encrypting sensitive client data before emailing it, verifying all financial requests from third parties before executing them, and alerting the appropriate parties to intrusion attempts and to careless use of company data and hardware that might lead to a breach.
Once you have a cybersecurity plan, monitor and test it annually, if not more frequently. If you uncover chinks in your security cordon or experience a breach, take steps to harden your plan to prevent future incidents.
Other steps you should take to keep your firm safe:
- Track network activity to uncover evidence of improper access and use of client files.
- Implement an intrusion warning system.
- Be alert to the transmission of large amounts of data sent to suspicious locations and entities.
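One way to act on the first and last points above, as an added example that is not part of the original article or the IRS guidance: the Python script below totals outbound bytes per workstation and destination per day from a firewall-style log and flags unapproved destinations that cross a threshold, even when no single transfer does. The log format, host names, approved ranges and threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic): "date time src_host dst_ip bytes_out"
SAMPLE_LOG = """\
2024-03-01 09:14:02 ws-prep01 10.0.0.5 48211
2024-03-01 09:20:40 ws-prep01 203.0.113.50 1200
2024-03-01 22:03:11 ws-prep02 198.51.100.23 310000000
2024-03-01 22:09:45 ws-prep02 198.51.100.23 295000000
2024-03-01 23:30:00 ws-prep02 203.0.113.50 150000000
2024-03-01 23:59:59 ws-prep02 truncated
2024-03-02 10:00:00 ws-prep01 198.51.100.23 2000
"""

# Assumed policy values; tune them to the firm's own baseline.
KNOWN_GOOD = [ipaddress.ip_network("10.0.0.0/8"),      # internal LAN
              ipaddress.ip_network("203.0.113.0/24")]  # placeholder for an approved vendor range
THRESHOLD_BYTES = 500_000_000  # per workstation, per destination, per day


def is_known_good(ip, networks=KNOWN_GOOD):
    """True when the destination falls inside an approved network."""
    return any(ip in net for net in networks)


def flag_large_transfers(log_text, threshold=THRESHOLD_BYTES, networks=KNOWN_GOOD):
    """Return ([(date, src, dst, total_bytes), ...], skipped_line_count)."""
    totals = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        try:
            date, _time, src, dst, sent = line.split()
            dst_ip = ipaddress.ip_address(dst)
            sent = int(sent)
        except ValueError:  # wrong field count, bad IP or bad byte count
            skipped += 1
            continue
        if not is_known_good(dst_ip, networks):
            totals[(date, src, str(dst_ip))] += sent
    alerts = [(d, s, ip, n) for (d, s, ip), n in sorted(totals.items())
              if n >= threshold]
    return alerts, skipped


if __name__ == "__main__":
    alerts, skipped = flag_large_transfers(SAMPLE_LOG)
    for date, src, dst, total in alerts:
        print(f"{date} {src} -> {dst}: {total:,} bytes to an unapproved destination")
    print(f"{skipped} unparseable line(s) skipped")
```

Skipped lines are counted rather than silently dropped, because a sudden rise in unparseable records can itself indicate a logging gap worth investigating.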
The Importance of Cyber Liability and Data Breach Insurance
Since cyber threat vectors constantly evolve, it’s difficult for a cybersecurity plan to remain effective for long. With breaches always looming, it’s essential to protect your firm with comprehensive cyber liability and data breach insurance and other protection, such as professional liability insurance.
Cyber liability and data breach insurance indemnifies tax-preparation firms against first- and third-party claims of financial loss after a cyberattack occurs.
First-party claims typically include expenses for damage assessment and repair. So, if you need to hire someone to do a forensic analysis of your loss, your cyber insurance will pay the bill. The same is true when you retain vendors to repair your computer hardware and applications. Plus, affected clients get free credit-monitoring support.
Third-party claims involve outside people or firms filing a lawsuit against you because your breach harmed them financially. In this case, cyber liability insurance handles your legal expenses, including lawyer bills, regulator penalties and court-imposed settlements and judgments.
Protect Yourself
Owning a tax-preparation business can be risky, especially in these days of cybercrime. However, you’re not alone. When you buy cyber liability insurance protection, you’ll have experienced insurance professionals on your side to help you survive and return to normal after a data breach.
With insurance, you won’t have to pay for first- and third-party costs out of your pocket, which can amount to five or six figures or more. Fortunately, as long as you keep your insurance in force, your insurance company will provide the financial backstop you need to continue operating your business for many years to come.
Are you in the market for cyber liability and data breach insurance? Check out the coverage available at 360 Coverage Pros, with premiums starting at just $199 annually.