A $25M reminder you need a WISP right now
WISP compliance for accounting firms is no longer an option, it is mandated by the IRS.
43% of cybercrime involves attacks on small businesses, according to the Verizon Data Breach Investigations Report.
Why? Hackers find smaller firms to be easier targets, because they often have fewer security measures in place.
You may have thought that cyber criminals only attack larger corporations. But these statistics will tell you otherwise. All businesses – big and small – are targets for cybercrime. Data is gold in today’s digital world with cybercrime happening more than ever before. The major difference is the outcome of a breach for small businesses compared to larger businesses.
The latest big hit? One of the nation’s largest mortgage lenders just settled a $25 million lawsuit from a huge data breach in which the personal information of approximately 16.9 million individuals was stolen.
You read that right. Almost 17 million individuals were impacted including their Social Security numbers, emails, names, financial account numbers, and birthdates were stolen.
These headlines are popping up all too often lately, and the frequency emphasizes the sentiment:
A wake up call for all firms big and small.
Think of it this way – if a multi-billion-dollar corporation with the best tools and cybersecurity teams can find themselves involved in a data breach of this magnitude, imagine how vulnerable a small accounting firm or an independent, solo accountant would be.
The impact of data breaches on smaller accounting firms would be catastrophic.
This lending company’s data breach didn’t just cause lawsuits and damage their reputation. It also caused real, long-term consequences for millions of people exposed to identity theft and fraud.
For smaller firms, the risk is just as critical.
If your accounting firm handles sensitive information like tax returns, financial documents, or social security numbers. you are a perfect target for cybercriminals.
But unlike a huge corporation, you may not have the financial luxury of an extra cushion to survive the cost of a data breach.
Cybercrime doesn’t care whether you’re a large corporation or a two-person tax firm. If you have data, they want it.
How can a WISP help small accounting firms?
A Written Information Security Plan (WISP) is a cybersecurity plan that helps determine what steps your firm will take to try to protect your clients’ sensitive data.
The role of an IRS WISP is to include a variety of cybersecurity protocols depending on the size of your firm, details on access controls, employee training, and steps to take in the case of a data breach.
According to the IRS and the FTC, WISP compliance for accounting firms isn’t just smart business, it is now mandatory in order to do business.
Read a step-by-step WISP guide on what a solid WISP should cover.
No accounting firm is immune to cyber attacks.
This $25 million settlement should act as a motivator for all firms to take security planning seriously, regardless of the size of your firm. If a company with billion-dollar resources can have a data breach, no firm is immune to cybercrime.
But you don’t have to be helpless.
WISP compliance for accounting firms can be attained from creating a Written Information Security Plan and implementing regular, annual maintenance and training for your staff using WISP Builder is one of the most cost-effective and smartest steps you can take to have a plan in place to help protect your clients and your business.