The FTC is mandating the implementation of new technologies and security controls to protect the SECURITY, CONFIDENTIALITY, AND INTEGRITY of customer information.
“Customer Information” means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.
All mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, non-federally insured credit unions, credit counselors and other financial advisors, tax preparation firms, and investment advisors that aren’t required to register with the SEC MUST be compliant by June 2023.
Non-compliance penalties include:
- A fine of up to $100,000 for each violation
- A fine of up to $10,000 for officers and directors of the financial institution
- In case of a serious violation, individuals may be imprisoned for up to 5 years
- Revocation of licenses
3 Things You May be Wondering about the New FTC Regulations…
1. Is my CPA Firm Impacted by the new FTC regulations?
Yes. According to the Code of Federal Regulations, § 314.2(h), the FTC requirements apply to “An accountant or other tax preparation service that is in the business of completing income tax returns” and compliance is required by June 9th, 2023.
2. Can’t this wait until later?
Unfortunately, no. The updated FTC regulations go into full effect on June 9th, 2023. All CPA Firms will be subject to regulations, penalties, and fines as of this date.
3. Are the new FTC Safeguards regulations complicated?
Ensuring that your CPA Firm is up to speed on the new regulations is a daunting process without help. In fact, professional I.T. support is now mandated by the Safeguards Rule.
Compliance and cybersecurity best practices take time to plan, implement, and test, so you should start the process sooner rather than later.
How will the new FTC Safeguards Rule impact CPA Firms?
CPA Firms are in possession of critical consumer information, including customer names, addresses, tax information, credit card numbers, identifying business information, critical employee information, and other financial information, all of which are prime targets for hackers.
With the FTC’s Safeguards Rule deadline going into effect on June 9th, CPA Firms will be required to have detailed procedures and specific criteria implemented in order to provide better protection and to curb data breaches and cyber attacks that could jeopardize sensitive customer data.
While most CPA Firms anticipate needing external support to meet the Rule’s security obligations, evaluating a myriad of vendors and tools to meet different sets of requirements can add to the existing burden.
When you schedule a 1-on-1 Free FTC Safeguards meeting, you will receive a step-by-step guide on how to ensure that your firm is up to date on regulations and compliance, while also taking the necessary steps to mitigate your risk of a cyberattack.
We often hear accountants and small business owners say:
“Our computers have anti-virus, our files are saved on the Cloud (OneDrive, Google Drive, Dropbox), and my applications (QuickBooks, Ultra Tax, Microsoft Office 365) are hosted. So we are good and safe. Plus we are too small and don’t have the budget.”
As a tax preparer or CPA, form W-12 requires you to check the box confirming that you have data security to protect your clients’ sensitive data.
Many businesses are depending on just anti-virus and the “Cloud” to protect them. Things have changed, and this is no longer sufficient. Many businesses have people working from home, using personal devices and unprotected wireless networks. This creates risk at a magnitude never previously imagined. The new risks are complex, and they are constantly evolving. The old way of managing risk (a firewall, anti-virus, backup, and the cloud) does not cut it in the digital age of ransomware and cybercriminals. If you are seeing a bunch of pop-up messages or warning messages, or unwanted emails constantly appearing in your mailbox, you already have a problem. Chances are high that you’ve already been compromised. Can you answer YES to all of these security measures?
- When you log in to your business email or network, are you prompted for a verification code or multi-factor authentication on your phone?
- Are your staff trained on security and participating in ongoing simulated phishing attacks?
- Are your computer drives and files encrypted? Are you sending sensitive files using encrypted email?
- Have you conducted regular risk assessments or “penetration testing” by a third party?
Don’t Worry, We Can Help!
Are you curious to know if your practice is ready for the latest FTC Safeguards requirements? It may be something you don’t think about every day, but slow outdated systems and inadequate defenses create risks and can result in costly fines, downtime, and open doors for hackers or other cyber criminals.
Let Polaris IT Services help your business meet FTC Safeguards requirements. Start with our network security assessment to examine key areas of your business:
- Test Your Network Defenses
- Are your Security Patches current?
- Discover whether you are using encryption
- Learn if your staff is using stale, repeated or crackable passwords
- And much, much more.