According to a recent Woodard poll, two-thirds of accountants, bookkeepers and tax preparers do not have a formal plan to protect their client information. Experts predict that oversight of data security plans will increase this year and onward, and non-compliant firms will face potential investigation by the Federal Trade Commission (FTC) with the promise of substantial penalties.
Which portion are you in? Do you have a formal plan or not? Do you protect your clients' data? Are you taking all of the steps that you should be?
And have you documented your plan and the steps you take?
Regardless of your practice size, you need a robust data security plan (although it will take much less time to implement and document for a sole practitioner). In this series of articles, we have outlined the components of a data security plan per IRS recommendations
In this final article in the series, we will outline how you need to write down your data security plan as required by the FTC's Standards for Safeguarding Customer Information. And, more importantly, we will provide an Excel workbook that will help you evaluate, implement and document your data security plan.
How to Document Your Data Security Plan
The FTC's standards require you to develop, implement, and maintain a comprehensive security program that is appropriate to the size and complexity of your practice and the nature and scope of your services. What exactly does that mean?
Your comprehensive security plan should include all of the measures implemented within your organization, including these five components we have previously outlined. Each of these components is described, including action items for you to take, in these articles.
- Install and update antivirus software that scans files and memory for malware
- Use firewalls to shield your computer or network from malicious traffic or malware
- Use two-factor authentication to secure email, accounting software or any password-protected product
- Routinely back up critical files to a secure external hard drive or cloud storage service
- Encrypt files on computers and removable media
Your plan should describe the role that each person in your organization (including any contractors or service providers) plays in security. In addition, your plan should address how you will educate your team about methods hackers use to access data and best practices to counteract those threats.
How you choose to document your data security plan is up to you. As an accounting professional, you are probably quite comfortable with Excel spreadsheets. That is why we created an Excel workbook that you can download for free. The workbook includes steps and action items to walk you through evaluating your risk and implementing data security measures. When you are finished, the workbook will then serve as your documentation.
Additional Resource for Implementation of Your Data Security Plan
Book a free accredited 45-minute security consultation with the experts at Practice Protect. In addition to the free consultation, you will also receive:
- A data security checklist to help you be compliant with IRS 4557
- A work-from-home best practices checklist
- Access to an on-demand webinar discussing cybersecurity, the three most common accounting firm breaches, and the easy way to secure your business.
How to Download and Use Your Data Security Plan Workbook
2. Read the instructions on each worksheet. Use the links on each page for more detailed information provided in the Data Security Plan series.
3. Complete each worksheet, including all action items.