CPA firms have made great progress in embracing technology to make their working day easier. But with the rising incidence of taxpayer identity theft, firms need to do more than just ‘nod their head’ at safeguarding their clients’ data. CPAs maintain huge records of sensitive information, and a data breach can happen in many ways, including theft, fraud, a stolen device, improper disposal, and hacking.
The risks that a CPA firm can face in case of a data breach include the following:
Damages compensation – If a client’s data is compromised, they can bring both direct and cross claims against your firm for damages suffered as a result of the data exposure.
- Direct claim: this covers costs incurred to investigate and mitigate damages, including forensic services and public relations expenses. Damages for any lost business that is directly or indirectly related to the breach can also be claimed.
- Cross claims: these may arise from individual or class action lawsuits filed against the client by employees or customers. Cross claims are usually made on the grounds of failing to secure confidential data, leading to identity theft or loss of business.
Reputational damage – In a business like accounting, trust and confidentiality are critical, and in case of a security breach the public perception of a firm can be damaged, often irretrievably. In the current market, where business reputation plays a vital role, the last thing your firm needs is to be recognised as a company that has suffered a breach of client data, as this will harm your business relationships.
Cost of compliance with state and federal statutes and regulations – There are security breach notification laws, and in addition the firm can be penalised for violations of federal statutes and regulations. Violations can lead to civil and criminal enforcement proceedings.
As soon as you know or are made aware of a data breach, do not delay: assess the situation immediately and work on damage mitigation. Inform the appropriate law enforcement agencies along with federal and state regulators.
In case of a data breach, your firm will not only take a financial blow from hefty fines, penalties, and lawsuit costs; the reputation of your business can also be completely damaged, putting its ability to continue to trade at risk.