From the Bleeding Edge blog.
July took me to the arid lands of Arizona, where the temperatures hit 119 degrees in the afternoon and didn’t much cool at night. They call it “dry heat.” I called it Apache Territory.
But that was where tax preparers had gathered for the annual conference of the National Association of Tax Professionals (NATP), and that was where I found myself connecting with old friends and a few new ones. It was a productive time that I recommend to tax preparers and CPAs next August, when the 2014 conference convenes in Orlando.
One of the more interesting events of the conference, aside from the sessions and interviews, was a survey conducted by Travelers, a national insurance provider. The survey of 633 tax professionals consisted of nine simple questions, but yielded a wealth of information. Here’s the summary from the Travelers news release:
“Handling sensitive consumer data such as social security numbers and bank account information is a core part of a tax professional’s job, yet many feel inadequately protected from cyber crime-related risks, according to a recent poll of National Association of Tax Professionals’ (NATP) members.
The survey of 633 tax professionals polled at the association’s annual conference in Phoenix revealed that fewer than half of attendees polled were very familiar with the risks posed by cyber incidents, such as data theft, identify theft and computer viruses. Only 15 percent reported having cyber liability coverage, and just one in three (33 percent) report having a written business continuity or disaster recovery plan.
“Tax professionals need to prepare to withstand an unexpected event given the sensitive data they work with on a daily basis,” said Marc Schmittlein, Travelers Executive Vice President, who runs the company’s small business unit. “It is increasingly important to have a written business continuity plan in place to identify and mitigate potential threats to a business. Travelers' relationship with the NATP is just one way in which the company supports small business owners and ensures they have the right plans in place to protect their businesses as they grow.”
Travelers shared its own risk education platform with tax professionals attending the Association’s conference to raise awareness of emerging industry risks – with a particular focus on cyber – and to educate members on effective risk management techniques.
As cyber crime continues to grow in popularity and frequency, it is increasingly important that tax professionals work with their independent agent to develop a well-rounded insurance program.”
Travelers has a vested interest in selling insurance coverage for events such as disaster recovery and cyber-crime, but the survey and its insights bring a critical dimension to the management of a tax or accounting firms engaged in services that require them to collect and store sensitive client information. Bluntly put:
- Less than 50 percent of attendees were very familiar with the risks posed by cyber incidents, such as data theft, identify theft and computer viruses;
- Only 15 percent reported having cyber liability coverage; and
- Just 33 percent report having a written business continuity or disaster recovery plan.
Nor are these results unique to attendees at this conference. CPA firms and small tax preparation firms are woefully unprepared for an emergency of any kind, whether that is a hurricane, tornado, flood, fire or cyber theft. We learned that after Hurricanes Katrina and Sandy, when thousands of businesses simply went out of business – including accounting and tax firms.
Does your firm need an insurance policy to cover the loss of client data in the event of an emergency? That’s a business decision for each firm to assess on its own. But if your firm has no emergency plan for data recovery…or depends on its Internet Service Provider for cyber security…this might be a good time to reassess that strategy.
That may be as easy as it seems. Most accounting and tax firms have no formal written business plan, even though they recommend such plans to their clients. And even the firms that have excellent insurance coverage may find that these policies cover their facilities, their key professionals and their practices – but not their data.
In an era in which tax preparers have increasing responsibilities for compliance and reporting, the ability to protect the data of clients – and prepare for when that protection fails – is a critical part of practice management that no owner or partner can afford to ignore.
(Note: I have no financial interest in either the NATP or Traveler’s, but respect the fact that both exist and are working to protect the interests of tax preparers. In a world gone digital, such protection is critical to the future of the profession.)