If you are not concerned about the fines accountants pay without a WISP, you should be. Accounting firms can be huge repositories of private customer data. As a result, they have the potential to be extremely lucrative targets for cybercriminals. Many cybercrimes carry with them large prison sentences. These criminals rarely want to waste their time on middle-class individuals. They want high-reward targets such as accounting firms with glaring security flaws. In our last article we covered 5 Things Every Accountant Website Needs To Be Secure. In this one, we will discuss the repercussions of ignoring the security standards laid out in a well-written WISP.
With an automobile accident, you’re required to report the accident to your local law enforcement agency. The police will then arrive, determine who is at fault, and issue citations or fines appropriate to the degree of damage caused. With a car accident, the company which insures your car might help with the personal liability, and maybe even cover the cost of repairs for both cars involved in the accident. Lawyers also might get involved to help determine the amount of responsibility, settlement terms, and in extreme cases the jail term appropriate for any crimes. It goes without saying you want to make sure all your ducks are in a row, your insurance is up to date, and you have a way to get to work in the morning.
How It Applies
There are many similarities between a car accident and the order of events when a data breach occurs at your accounting firm. Once you realize that a breach happened, you must notify two or three of the appropriate state authorities and explain the situation. These requirements are referred to as Notification laws, but they vary from state to state. It’s important to consult a lawyer on exactly how to proceed. Lawyers who specialize in Privacy or Corporate law are the best to handle these types of proceedings.
The problem can be even more difficult to navigate if your company operates in several states. Each state may have a different expectation of how you’re required to proceed in order to avoid further fines. The timeframe provided to carry out all the requirements may vary from state to state as well, only compounding the problem. After contacting the proper authorities, you should next contact your insurance carrier and explain the situation.
You Need a WISP
After you have reported the breach to the proper authorities, you will most likely be subject to an audit and onsite inspection to investigate the extent of the damage. One of the first questions that will be asked is where your WISP is. Our article Why Your Accounting Firm Needs a WISP explains what a WISP is. Without this document, your firm can be looking at a 100,000 dollar fight right off the bat. You will also need to provide proof that your employees have received ongoing coaching in cybersecurity best practices. Contingencies for when a breach does occur also need to be outlined. Each state in which you operate might have additional requirements or guidelines.
More on WISPs
For your car you have car insurance. This car insurance helps limit the financial responsibility for both your damaged car and the other person involved in the accident. But what additional protection does your accounting firm have for a cybersecurity breach? This is why a WISP is so important. These are easily avoidable fines accountants pay solely due to negligence. A WISP outlines your firm’s plan to keep customer information safe. It can also be used to prove that you took all the reasonable steps to protect your customers’ information. If you did your due diligence and the breach still happened, the authorities will look on the situation much more favorably. The alternative is the impression of either apathy or flat-out negligence.
The statistics showing the pervasiveness of data breaches at accounting firms and in all other business sectors are alarming. This is not a problem that’s going away. The authorities are frankly too understaffed to deal with the threats proactively due to the sheer number of cases. Retroactively, your business can be ruined by the fines the government agencies levy against you. Large corporations have the advantage of being able to hire multiple employees whose sole job is to make sure they’re as protected as possible against data breaches.
If a breach does occur, they have a team of legal professionals working around the clock to limit or examine their legal liability. These companies are prepared to settle any disputes both in and out of court in order to preserve their company’s image. They are capable of disputing fines that accountants would normally pay. These are tools unavailable to smaller accounting firms.
Following a breach, how you handle the disaster recovery will be closely scrutinized. One wrong step and your business may be closed not just temporarily to clean up the mess, but permanently. Having a disaster recovery plan and the staff in place able to execute that plan is of the highest priority. The authorities will not look kindly on the situation if you lack a Breach Response Plan and/or a WISP. These are easily avoidable fines accountants pay all the time when they plan improperly. These documents are used to demonstrate that you’ve done your best to handle the breach properly and to prevent it from the outset.
Cybercriminals may leave a backdoor in your system following a breach. That way they can get back in to exploit it again if you’re not paying attention. Expect regulatory agencies to go over all of your files and policies with a fine-tooth comb after a breach. You don’t want to be retroactively justifying easy passwords or unsecured drives. Don’t become a victim by having paper-thin security, no WISP, and no way to clean up the mess if the worst does happen.
Accountant security is what Rush Tech Support specializes in. We’re here to make sure you have the best practices in place for your accounting firm. God forbid something does happen, we will be there holding your hand and fixing the problems with you.
Make sure you don’t leave your company or your customers at risk. Avoid a 100,000 dollar fine and start creating your own WISP today! If you run into problems or want to avoid the headaches give Rush Tech Support a call at 844-880-7874.