In this article we will discuss what a WISP is and why your accounting firm needs one. In last week’s article we covered some of our Cybersecurity Tips for Accountants. You should ask yourself these important questions first: Do you want to build a sustainable long-term relationship with your clients? Do you want to be perceived as a reputable business whose customers trust you with their data privacy rights? If you answered yes, and you should, then it’s crucial you acquire a WISP, or Written Information Security Plan.
What Exactly Is A WISP?
A Written Information Security Plan is the formal document in which an accounting firm describes the technical, physical, and administrative safeguards that ensure information privacy. The private information being protected can belong to the customers but also to the employees within the firm.
A WISP requires an accounting firm to be well prepared for any cyber threat posed to the sensitive data in its possession, whether physical or electronic. The IRS requires this document in order to hold individual firms accountable for the security of customer data and for any breach of it. Those who choose to neglect these stringent guidelines may incur a heavy fine from the federal government.
Does YOUR Accounting Firm Need A WISP?
Certified Public Accounting firms are among the most vulnerable to security breaches, since they hold a large amount of customers’ sensitive data. The financial data of different businesses and their owners can offer a huge payday for those willing to exploit your systems. Recognizing this ever-growing problem, the different levels of government have placed these legal responsibilities on such firms to encourage compliance.
Suppose malicious adware compromises a customer’s email account and it goes unnoticed. Once that happens, all of their valuable financial information is up for grabs. This can easily lead to the customer experiencing a serious financial disaster.
The same situation can happen to the employees at your firm. Suppose one of the staff members allows his social media account to get hacked, and he uses the same password for your company software. Now his carelessness leaves the files held by the accounting firm he works for open to attack. This degree of liability can be so large that many accounting firms won’t be able to recover from all the penalties.
It’s important to understand that these guidelines aren’t there just to punish you but rather to protect you and your customers. They are the best practices the government provides for your company’s overall security. In this regard, the first step to securing sensitive data is making a data inventory of the whole company. After assembling the data inventory, the firm can decide whether it actually needs to collect all of that information before moving on to the steps for protecting it. There are many perspectives on that decision. However, for better risk management regarding information security, it is always safer to hold a limited amount of data instead of going for the who
The first step is taking an inventory of what data is being stored. Once that inventory is accounted for, you can better understand what information needs to be protected and how to do it. There are many possible implementations of data security. It’s important to understand the risks and the options before proceeding further.
What If Your Firm Has No WISP?
Title V of the Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act, states that all financial institutions under the jurisdiction of the Federal Trade Commission are required to take the necessary steps to protect customers’ sensitive data, as set out in the Safeguards Rule. The Federal Trade Commission has implemented this rule across different regulatory sectors. Violation of this rule results in a heavy penalty, the details of which are:
- The firm violating the law would have to pay a fine of 100,000 USD for each violation.
- The individual members of the firm are personally accountable to pay a fine of 10,000 USD for each violation.
- Title 18 of the United States Code also declares that violating individuals may face imprisonment for five years for each violation.
- Both the fine and the imprisonment can be imposed on the violating party.
- Depending on the severity of the violations, the prosecuting institutions can seek a higher fine or jail term. The scope and number of customers impacted dictate the severity of the punishment.
How Can Rush Tech Support Help You?
Parties holding a registered PTIN (Preparer Tax Identification Number) are now held accountable for the company’s overall cyber protection. The security plan requirement appears on the 2020 PTIN renewal forms. This makes it the firm’s responsibility to ensure that effective cybersecurity measures are put in place.
We want to make sure that your firm is eligible for the PTIN renewal. Make sure that your firm’s cybersecurity is well protected with a personalized WISP. Once your whole system is in compliance with a WISP, you can proceed to fill out your PTIN renewal form. There is a checkbox which indicates that your firm has taken all the necessary measures for proper cybersecurity.
After all, this is not just a question of complying with the law to avoid legal issues. It also ensures the sustainability of your business in the long run. Therefore, taking all the appropriate measures to enforce effective cybersecurity policies is necessary for all businesses, but even more so for accounting firms. IRS Publication 4557 describes in detail the important cybersecurity measures that a firm needs to follow.
Make sure you don’t leave your company or your customers at risk. Avoid a 100,000 dollar fine and start creating your own WISP today! If you run into problems or want to avoid the headaches, give Rush Tech Support a call at 844-880-7874.