Cybersecurity. It is a topic that’s both critical and mundane. You’ve likely heard about the threats to your firm and your client’s data from hackers and cyber thieves repeatedly over the past several years.
While this is true, it doesn’t decrease the urgency in which you need to respond to these issues. Quite the opposite, in fact.
Case and point: The Internal Revenue Service (IRS) has made it clear that they are expecting all tax preparers to have a written information security plan (WISP) in place. This doesn’t just mean that you have the WISP document or “WISP List.” It means that you have implemented all of the key components of it. If you have not got a plan yet, check out the latest requirements in IRS 4557 document HERE.
Next, it is time to use the “WISP Window” of opportunity available now through mid-January to proactively implement the required safeguards and improve your firm’s cyber security protocols. Failure to do so not only puts your clients and firm at risk of an attack, it can also put you in jeopardy of fines and penalties from the IRS.
To avoid all of these negative consequences, take advantage of the WISP Window with the tips below to create a customized plan for your firm.
Here are several tips for implementing IRS 4557 taxpayer data safeguarding requirements before busy season:
Swizznet’s Obsessive Support® Team can help implement industry-leading practices and solutions to head off potential threats to your accounting firm during the heat of this hectic period. Since every firm that is preparing taxes needs a WISP implemented in alignment with their current workflows, your plan needs to be customized, but these are the three broad categories to consider:
1. Put cybersecurity protocols and procedures in place for remote and mobile work
A remote workforce, or at least a very mobile one, is the way of the future for firms. In this post-Covid era, as you have likely seen in your own situation, teams are rethinking traditional “in office” working arrangements due to the demand for work-life flexibility, higher productivity, and the overall cost-efficiency benefits.
The more remote and mobile workers and demands your firm has, the higher you need to place staff, device and network security on your list. Even if you took a close look at these requirements during the pandemic, threats are always evolving and it is essential you evolve your security protocols along with them.
2. Make cybersecurity a firm philosophy and non-negotiable task
As mentioned above, cybersecurity threats evolve everyday, multiple times a day. As such, you cannot afford to “set it and forget it.” Responding initially to the IRS 4557 requirements is a huge first step, however, you need to ensure it is just the beginning of the education and involvement of every member of your team, make sure you incorporate cybersecurity into every aspect of you firm’s processes and culture so that it becomes a must-do item instead of something that only becomes urgent when there is an issue.
Another reason to make cybersecurity intelligence a cornerstone of your firm’s culture? It will help to have multiple people looking out for potential threats and areas that leave your firm vulnerable. Plus, the IRS is continually increasing its compliance requirements for securing taxpayer data so it’s important for your firm to keep up-to-date on the IRS requirements for taxpayer data security.
Individual states are also ramping up implementation of their own privacy laws, which means depending on the individual states you are working in or your clients are working in, you may need to implement separate protocols. Swizznet’s solution may also help you stay compliant across the board. Bring your individual needs and requirements to the team to learn how to.
3. Set priorities and timelines to meet your objectives during your “WISP Window”
Depending how much upgrading to your tech stack and the number of potential cyber security issues on your WISP list that you need to address, you may have to devote some time and resources during your WISP window to be ready for the 2023 busy season. This is when you need to set priorities and timelines to ensure you get all of the boxes checked on your WISP list.
- Make sure you have a plan for managing firewalls, virtual private networks (VPNs) and can protect all of your firm and staff’s devices as well as work stations.
- Make your WISP list and use the WISP window prior to tax season to check the boxes of the IRS 4557 with Obsessive Support provided by Swizznet.
There’s no single right solution for all accounting firms; in fact, it’s not uncommon for some firms to have no cyber security strategy in place or multiple technology strategies for managing their remote workforces. Be sure to assess your options carefully when determining the best way to manage cybersecurity risks before, during and beyond tax season.
Now is the time to fulfill your WISP list and make sure that you do a thorough cyber security reality check to prevent a busy season business interruption or any issues related to non-compliance with IRS 4557.
Sam Schuemacher is Certified QuickBooks ProAdvisor and an expert in developing and implementing cloud accounting solutions and strategies. Sam works with accountants and bookkeepers to conceptualize and implement innovative solutions to maximize return on investment and help grow their businesses. Sam can help streamline the accounting process and can make offering online accounting services easy.
Like what you’re reading?
Subscribe to our FREE newsletter and we’ll deliver content like this directly to your inbox.