In the past few weeks, Facebook has come under unprecedented fire for giving up the personal information of more than 50 million of its users. In 2014, political consulting firm Cambridge Analytica used a researcher’s app to access the Facebook data of 270,000 consenting individuals — and to plunder info from millions upon millions of their unsuspecting friends. This data was then used by political entities like the Trump campaign to, as the Cambridge Analytica whistleblower put it, “exploit what we knew about [users] and target their inner demons” to swing voters.
At this point, it’s difficult to imagine ever going back to a sense of total comfort in cyberspace. As users delete Facebook en masse and tighten up their digital footprints, it’s obvious that protecting their data is at the forefront of consumers’ minds.
What the Scandal Means for the Accounting Industry
With clients more skittish than ever before, accountants are going to need to step up their game. Here are the two most important things you can do right now to ensure you don’t leave yourself or your clients vulnerable to a data breach.
Obviously, accountants have a moral responsibility to protect the data of the people they serve, but they also have a legal responsibility. For example, there’s Sec. 7216, which imposes criminal penalties on accountants who illegally disclose return-related info, whether by neglect or on purpose. There’s also the Gramm-Leach-Bliley Act and other FTC regulations that pile on an additional set of restrictions. To top it all off, all 50 states have enacted security breach notification laws that require businesses to alert their users of any digital funny business in their accounts.
The key to staying clear of these regulations is to stay educated on the risks and burdens you are beholden to as an accountant. Check out the Journal of Accountancy’s quick and dirty guide to basic cyber-security, this guide from Business World, and the AICPA’s security hub for all kinds of useful resources, and learn the specific rules and regulations that apply where you’re operating.
Educate Your Clients
It’s easy to imagine a hacker going up against some massive security structure, tapping furiously away at their keyboard, but in reality, many cyber-criminals will penetrate your network through your hapless clients. If you want to not only provide the best value for the people you serve but to protect your own interests, you need to do your best to ensure your clients are vigilant.
In 2016, the IRS published a quick “Taxes. Security. Together.” for taxpayers that outlines the basics everyone needs to know to protect their data. You can also steer your clients to watch IRS security videos to gain a grasp of the essentials, but your program should go beyond that. You should personally speak with your clients about the dangers and risks they face in digital finance, sharing as much information as possible. And when you outline all the measures and processes you’ve implemented to protect their data, it will provide that much added value.
Have questions? Want to talk security? Get in touch! We want to hear from you, and we value accountants’ data security!