FTC Safeguards Rule Compliance – Is Your CPA and Accounting Firm Ready?

The FTC is mandating the implementation of new technologies and security controls to protect the SECURITY, CONFIDENTIALITY, AND INTEGRITY of customer information.

“Customer Information means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”

All Accounting, Tax Professionals, Enrolled Agents, Wealth Management Advisors, and other financial institutions MUST Be Compliant By June 2023.

  • Fines range from $10,000 to $100,0000per violation
  • Gross Breaches can result in up to 5 years in prison
    • Example: intentional abuse of protected information

3 Things You May be Wondering about the New FTC Regulations...

1. Is my CPA Firm Actually Impacted by the new FTC regulations?

Yes. According to the Code of Federal Regulations, § 314.2(h), the FTC requirements apply to your CPA Firm and compliance is required by June 9th, 2023.

2. Can't this wait until Later

Unfortunately, no. The updated FTC regulations go into full effect on June 9th, 2023. All CPA Firms will be subject to regulations, penalties, and fines as of this date.

3. Are the new FTC Safeguards regulations complicated?

Ensuring your CPA Firm is up to speed on the new regulations is daunting without help. In fact, professional I.T. support is now mandated by the Safeguards Rule.

Compliance and Cybersecurity best practices take time to plan, implement and test; you should be starting the process sooner rather than later.  

To learn more, book a free FTC Strategy call today.

How will the new FTC Safeguards Rule impact Colorado CPA Firms?

CPA Firms are in possession of critical consumer information, including access to customer names, addresses, tax information, credit card numbers, identifying business information, critical employee information, and other financial information, which are prime targets for hackers.

With the FTC’s Safeguards Rule deadline going into effect on June 9th, CPA Firms must have detailed procedures and specific criteria implemented to provide better protection and curb data breaches and cyber attacks that could jeopardize sensitive customer data.

While most CPA Firms anticipate needing external support to meet the Rule’s security obligations, evaluating a myriad of vendors and tools to meet different sets of requirements can add to the existing burden. IT5280 can mitigate the risk AND burden.

We often hear accountants and small business owners say:

"Our computers have anti-virus, our files on saved on the Cloud (OneDrive, Google Drive, Dropbox), and my applications (QuickBooks, Ultra Tax, Sage, Microsoft Office 365) are hosted. So we are good and safePlus we are too small and don't have the budget."

As a tax preparer or CPA, form W-12 requires you to check off the box you have data security to protect your client's sensitive data.

Many businesses are just depending on anti-virus and the "Cloud" to protect them, guess what? Things have changed, and many businesses have people working from home, using personal devices and unprotected wireless networks; this creates risk at a magnitude never previously imagined. The new risks are complex, and it's constantly evolving. The old way of managing risks, having a firewall, anti-virus, backup, and the cloud, does not cut it in the digital age of ransomware and cybercriminals. If you are seeing a bunch of pop-up messages or warning messages or unwanted emails constantly appearing in your mailbox, you already have a problem. Chances are high that you’ve already been compromised.

Can you answer YES to all these security measures:

  • When you log in to your business email or network are you prompted for a verification code or multi-factor authentication on your phone? (not a text message login code)
  • Are your staff trained on securityand participating in ongoing simulated phishing attacks?
  • Are your computer drives and files encrypted?  Are you sending sensitive files using encrypted email?
  • Have you conducted regular risk assessmentsor "penetration testing" by a third party?
  • Do you know if something is sent un-encrypted or other sensitive client or business information is being used in a way that is leaving you open to liability?
  • WHEN (not if) something happens, do you have a Cyber Security expert on speed dial?