When people hand over their most sensitive financial and business data, they’re making a trust decision as much as a technical one. I don’t take that lightly—and neither does Rightworks. That’s a big part of why I’m here.
My name is Anjan Bagchee, and I recently joined Rightworks as its Chief Information Security Officer (CISO). I’ve spent my career in high-stakes security environments, including central banking, financial services, enterprise SaaS, and, most recently, the Federal Reserve Bank of Boston. As CISO there, I led security strategy, threat intelligence, vulnerability management, and AI governance initiatives that supported national-scale financial infrastructure.
All this to say, I understand what accounting firms and financial professionals are up against and what it takes to secure their success. I’ve been exposed to organizations where security was always playing catch-up. And I’ve experienced the difference when it was genuinely baked into the company’s core values. I can say with 100% confidence that Rightworks is firmly in that second camp, which made accepting this position an easy call.
So, what can I offer you in this new role? A continued commitment to keeping this community informed, protected, and ahead of the threats that matter most. And speaking of which, there’s one worth flagging right now.
The Rising Risks This Tax Season: Phishing Scams
Microsoft’s cybersecurity researchers have documented a wave of phishing campaigns targeting finance and accounting professionals. Just to be clear, these are broad industry campaigns, not anything targeting Rightworks or our platform specifically. But we urge anyone in the financial space to take note of these potentially dangerous tactics.
These aren’t the obvious, poorly worded spam emails that are easy to spot. They’re carefully crafted messages referencing W-2s, 1099s, IRS notices, and crypto tax topics, designed to look like the kind of email you’d expect to receive this time of year.
The scam: Look legitimate, trigger a reflex, and get you to click before you think twice.
The goal: Steal login credentials or install malicious software.
Here’s what I’d keep in mind:
- Be vigilant with anything tax-related. Unexpected emails about W-2s or IRS notices deserve a second look before you click anything—even if the sender looks familiar. I’d recommend reaching out to the sender independently (do not respond to the suspicious email) to confirm the validity of the request.
- Don’t open unexpected attachments. Verify first, and when you do, contact the sender through your own channels, not by hitting reply.
- Check links before you click. Hover to see where they actually lead, and when in doubt, navigate directly to the site yourself.
- Go with your gut. If an email feels a little off, it probably is. Flag it for your IT or security team.
This is my first post, but it won’t be my last. I plan to keep showing up here with honest updates, timely warnings, and the kind of transparency you deserve from the people protecting your data. In the meantime, let’s look out for each other.
Stay vigilant.
— Anjan Bagchee, CISO, Rightworks