The LockBit ransomware attack on eFile reminds accountants: Your data is a target!

Discover why the LockBit ransomware attack on eFile should be a wake-up call to all accounting and tax firms.

Last Updated October 31, 2024

Category Cybersecurity

If you follow Rightworks content or have run into me at events, you probably know that I often discuss the importance of creating and maintaining comprehensive Written Information Security Plans (WISPs) with the accounting and tax profession.

I’ve recently been focused on showing firms that the WISP shouldn’t be only a static document; it should be a jumping-off point for building a culture of security, with the contents of your WISP acted on each day. This means doing simulations of how you might prevent and respond to attacks before something happens.

If the idea of a complete WISP or tabletop exercises as part of your culture of security seems too time-consuming or overwhelming, I’ve got some bad news…

Tax preparers: Your data is a target, and this fact isn’t changing anytime soon.

Last month, the profession learned of a ransomware attack on tax return software eFile. The LockBit ransomware group, known for its targeted attacks on various sectors, isn’t the first to notice the valuable data stored in eFile; the vendor was also attacked last year.

This incident highlights the critical need for robust cybersecurity measures, plus a plan of action, to safeguard sensitive client information and maintain your reputation as a trusted tax preparer.

Why did LockBit target accountants and tax preparers?

While the answer to why LockBit targeted the accounting and tax vertical may seem simple, it’s worth revisiting in detail. Let’s talk about why LockBit decided to target eFile, and why you’ll continue to see similar attacks.

  • Accounting and tax firms are a goldmine for sensitive data. Every day you deal with Social Security numbers, bank account details, income statements and other personal data that can be exploited for identity theft or financial fraud. LockBit, for its part, generally engages in ransomware-as-a-service, holding data for ransom for financial gain. This made eFile a perfect tool to infiltrate.
  • You’re busy. Particularly before and during tax season, accountants and tax preparers have an abundance of work. This means they may overlook red flags or clues that a file, application or email may be malicious. Plus, during tax season, it’s easier to push through prompts that seem suspect to get work done. It’s part of the job…busy professionals are focused on their clients!
  • Firms may not be technology-focused. Smaller accounting firms or those less invested in cybersecurity measures may present easier targets due to their potentially weaker defenses. The LockBit group, like many ransomware groups, is skilled at finding and exploiting such vulnerabilities. This makes accounting and tax firms—which often operate with a small number of staff—great targets.

Concerned yet?

Revisiting my original stance, accountants and tax preparers: Your data is gold to cybercriminals like the LockBit group.

That’s a big reason the IRS requires you to have a WISP and why you must attest to having a data security plan in place when you renew your preparer tax identification number (PTIN) each year.

The process of creating the WISP forces your firm to examine any gaps in your security strategy and, hopefully, take action to better protect client data. It also helps you outline a plan and responsibilities for mitigation if something—like the recent LockBit attack—does take place.

Work with the right partner

The right partner can help make the WISP and filling security gaps easier. Rightworks believes your WISP should be simple to complete and regularly updated. We’ve partnered with thousands of firms to help them complete their WISPs before their PTIN renewals—and before something like the LockBit ransomware attack takes place. Let us take the guesswork out of documenting your plan and identifying your weak points.

Get your WISP completed to stay compliant and to help identify simple ways your firm can avoid being caught in the next series of targeted cyberattacks. Get started today!
