{"id":55484,"date":"2024-09-13T08:00:00","date_gmt":"2024-09-13T13:00:00","guid":{"rendered":"https:\/\/taxprocenter.proconnect.intuit.com\/?p=55484"},"modified":"2024-09-03T12:38:40","modified_gmt":"2024-09-03T17:38:40","slug":"safeguards-rule-and-cybersecurity-leadership","status":"publish","type":"post","link":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","title":{"rendered":"Safeguards Rule and cybersecurity leadership"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The Federal Trade Commission&#8217;s (FTC) updated <a href=\"https:\/\/www.ftc.gov\/legal-library\/browse\/rules\/safeguards-rule\" target=\"_blank\">Safeguards Rule<\/a> reflects a global shift toward more stringent data protection regulations, introducing a set of mandatory compliance requirements for businesses handling sensitive information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The FTC casts a wide net with the Rule, covering entities from multinational banks to small accounting practices. While the updates are a step in the right direction, they expose a fundamental issue: the Rule&#8217;s applicability to vastly different types of institutions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A global bank, equipped with plentiful resources, complex infrastructure, and dedicated cybersecurity teams, is in a vastly different position compared to a small tax and accounting firm with a handful of employees. Yet, the Rule makes little distinction between these entities and raises concerns about the Rule\u2019s practical effectiveness. How can a small firm with a limited budget and expertise realistically meet the same requirements as a large, resource-rich institution?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At the heart of the Safeguards Rule are mandates wrapped in vague terminology. Firms are required to establish \u201ccomprehensive\u201d information security programs with \u201creasonable\u201d safeguards that are \u201cappropriate\u201d to their size and complexity. This language seems to offer flexibility, allowing firms to tailor their security measures to their specific needs. However, in practice, this vagueness is a double-edged sword.<\/p>\n\n\n\n<p class=\"has-x-large-font-size wp-block-paragraph\"><strong>Vague cybersecurity compliance rules leave firms to fend for themselves<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While the flexibility acknowledges that a one-size-fits-all approach to cybersecurity is impractical, it also introduces significant ambiguity. For large organizations with dedicated cybersecurity teams, interpreting what constitutes \u201ccomprehensive\u201d or \u201creasonable\u201d may be straightforward. But for small- and medium-sized tax and accounting firms, this language can lead to confusion and inconsistency.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are two risks. First, some firms may overestimate their cybersecurity capabilities, believing they meet the requirements when they do not. Second, other firms may interpret the rule too conservatively, expending unnecessary resources on measures that go beyond what is required, straining their limited budgets.<\/p>\n\n\n\n<p class=\"has-x-large-font-size wp-block-paragraph\"><strong>Why the WISP is just the tip of the iceberg in cybersecurity<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The IRS and Security Summit Partners released a <a href=\"https:\/\/taxprocenter.proconnect.intuit.com\/practice-management\/how-to-create-a-written-information-security-plan-for-your-practice\/\">Written Information Security Plan<\/a> (WISP) template for tax professionals in response to the Safeguards Rule. While their document provides useful information, it highlights the lack of a standardized approach to information security for financial institutions and accounting firms, and an overemphasis on technical controls. A plan is not a substitute for a comprehensive program. Rather, it is a document outlining an organization&#8217;s approach to information security controls and measures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A comprehensive information security program operationally integrates three key elements: people, processes, and technology. This integration is not a one-time effort, but a continuous, evolving process that responds to the ever-changing threat landscape. There are many components, including third-party supplier management, cloud security management, risk management, vulnerability assessment and mitigation, incident response preparation, and business continuity during disruptive events.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These elements are not merely items on a checklist; they represent ongoing responsibilities that require continuous effort, vigilance, and resources. They demand active engagement from all levels of the organization, from the board of directors to frontline employees.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"has-text-align-center wp-block-paragraph\">These elements are not merely items on a checklist; they represent ongoing responsibilities that require continuous effort, vigilance, and resources. <\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">The distinction between a plan and program is crucial and commonly misunderstood. For a plan to be effective, it must be reflective of a firm&#8217;s practices as part of a wider program. It must move beyond something that you have and be something that you do.<\/p>\n\n\n\n<p class=\"has-x-large-font-size wp-block-paragraph\"><strong>Acting despite the ambiguity for firms, taking action beyond compliance mandates&nbsp;<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Rule&#8217;s lack of sector-specific guidance is problematic. Accounting firms, with their blend of financial data handling and professional services, face distinct cybersecurity challenges. The ambiguity in what constitutes &#8220;reasonable&#8221; and &#8220;appropriate&#8221; security measures opens the door for interpretation, which could lead to inconsistent standards across the profession.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the absence of clear regulatory direction, industry leaders and cybersecurity firms are stepping in to define these terms. While this will drive innovation and best practices, it also risks creating a fragmented approach to security that may not align with regulatory intent or provide comprehensive protection.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regulatory authorities simply cannot afford to play catchup in the evolving compliance landscape. The onus is on them to provide not just oversight, but clear, actionable guidance that meets the unique needs of different financial institutions, from large multinational firms to small accounting practices. The time has come for regulators to move from merely enforcing compliance to being catalysts for innovation in cybersecurity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is the moment that requires bold leadership and a willingness to step into uncharted territory. Regulatory authorities must rise to the occasion, providing the clarity and direction the profession desperately needs, and firms must push beyond compliance and move toward more secure practices. How the accounting profession chooses to respond will determine whether it remains a follower or emerges as a leader in the ongoing battle against cyber threats. How will your firm respond?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn more about how the FTC&#8217;s Safeguard&#8217;s Rule affects cybersecurity at tax and accounting firms. Luke Kiely explains.<\/p>\n","protected":false},"author":144649079,"featured_media":55489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rkv_browse_by_id":0,"rkv_cta_id":0,"rkv_optimize_for_pagespeed":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"useModifiedDate":false,"customPublishDate":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false},"categories":[509474089],"tags":[130072316],"intuit_collection":[],"intuit_series":[],"coauthors":[646041888],"class_list":["post-55484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tax-law-and-news","tag-fraud-and-security"],"header_image":"","yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>FTC Safeguards Rule for Tax Firms<\/title>\n<meta name=\"description\" content=\"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Safeguards Rule and cybersecurity leadership - Tax Pro Center | Intuit\" \/>\n<meta property=\"og:description\" content=\"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/\" \/>\n<meta property=\"og:site_name\" content=\"Tax Pro Center | Intuit\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/IntuitAccountants\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-13T13:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"593\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Luke Kiely\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@IntuitAccts\" \/>\n<meta name=\"twitter:site\" content=\"@IntuitAccts\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Luke Kiely\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/\"},\"author\":{\"name\":\"Luke Kiely\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/person\\\/6957d3b0391e1d11e0632bfdb0c9cd3f\"},\"headline\":\"Safeguards Rule and cybersecurity leadership\",\"datePublished\":\"2024-09-13T13:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/\"},\"wordCount\":815,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg\",\"keywords\":[\"fraud and security\"],\"articleSection\":[\"Tax Law and News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/\",\"name\":\"FTC Safeguards Rule for Tax Firms\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg\",\"datePublished\":\"2024-09-13T13:00:00+00:00\",\"description\":\"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#primaryimage\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg\",\"contentUrl\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg\",\"width\":1440,\"height\":593,\"caption\":\"Safeguards Rule and cybersecurity leadership\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/tax-law-and-news\\\/safeguards-rule-and-cybersecurity-leadership\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Safeguards Rule and cybersecurity leadership\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#website\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\",\"name\":\"Tax Pro Center | Intuit\",\"description\":\"Tax Pro Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#organization\",\"name\":\"Tax Pro Center | Intuit\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Tax_Pro_Center_Logo_Final_large.webp\",\"contentUrl\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/Tax_Pro_Center_Logo_Final_large.webp\",\"width\":872,\"height\":160,\"caption\":\"Tax Pro Center | Intuit\"},\"image\":{\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/IntuitAccountants\",\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/IntuitAccts\",\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/intuitaccountants\\\/?hl=en\",\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/company\\\/intuit-accountants\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/#\\\/schema\\\/person\\\/6957d3b0391e1d11e0632bfdb0c9cd3f\",\"name\":\"Luke Kiely\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/avatar\\\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/avatar\\\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/avatar\\\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g\",\"caption\":\"Luke Kiely\"},\"description\":\"Luke Kiely is the founder of iComply Online and chief information security officer at SmartVault. His experience includes law enforcement positions where he was instrumental in covertly monitoring and apprehending perpetrators of data-based cybercrimes. In addition, Luke has held several key senior roles overseeing information security, cybersecurity, and data compliance for top SaaS companies.\",\"sameAs\":[\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/\",\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/in\\\/luke-k\\\/\"],\"url\":\"https:\\\/\\\/accountants.intuit.com\\\/taxprocenter\\\/author\\\/lukekielytax\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"FTC Safeguards Rule for Tax Firms","description":"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","og_locale":"en_US","og_type":"article","og_title":"Safeguards Rule and cybersecurity leadership - Tax Pro Center | Intuit","og_description":"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.","og_url":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","og_site_name":"Tax Pro Center | Intuit","article_publisher":"https:\/\/www.facebook.com\/IntuitAccountants","article_published_time":"2024-09-13T13:00:00+00:00","og_image":[{"width":1440,"height":593,"url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","type":"image\/jpeg"}],"author":"Luke Kiely","twitter_card":"summary_large_image","twitter_creator":"@IntuitAccts","twitter_site":"@IntuitAccts","twitter_misc":{"Written by":"Luke Kiely","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#article","isPartOf":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/"},"author":{"name":"Luke Kiely","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/person\/6957d3b0391e1d11e0632bfdb0c9cd3f"},"headline":"Safeguards Rule and cybersecurity leadership","datePublished":"2024-09-13T13:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/"},"wordCount":815,"commentCount":0,"publisher":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization"},"image":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#primaryimage"},"thumbnailUrl":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","keywords":["fraud and security"],"articleSection":["Tax Law and News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","url":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/","name":"FTC Safeguards Rule for Tax Firms","isPartOf":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#website"},"primaryImageOfPage":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#primaryimage"},"image":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#primaryimage"},"thumbnailUrl":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","datePublished":"2024-09-13T13:00:00+00:00","description":"The FTC Safeguards Rule applies to small tax firms as strictly as large banks. Learn what compliance requirements apply and how accounting practices can meet them.","breadcrumb":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#primaryimage","url":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","contentUrl":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","width":1440,"height":593,"caption":"Safeguards Rule and cybersecurity leadership"},{"@type":"BreadcrumbList","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/safeguards-rule-and-cybersecurity-leadership\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/accountants.intuit.com\/taxprocenter\/"},{"@type":"ListItem","position":2,"name":"Safeguards Rule and cybersecurity leadership"}]},{"@type":"WebSite","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#website","url":"https:\/\/accountants.intuit.com\/taxprocenter\/","name":"Tax Pro Center | Intuit","description":"Tax Pro Center","publisher":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/accountants.intuit.com\/taxprocenter\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#organization","name":"Tax Pro Center | Intuit","url":"https:\/\/accountants.intuit.com\/taxprocenter\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/logo\/image\/","url":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2022\/10\/Tax_Pro_Center_Logo_Final_large.webp","contentUrl":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-content\/uploads\/2022\/10\/Tax_Pro_Center_Logo_Final_large.webp","width":872,"height":160,"caption":"Tax Pro Center | Intuit"},"image":{"@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/accountants.intuit.com\/taxprocenter\/IntuitAccountants","https:\/\/accountants.intuit.com\/taxprocenter\/IntuitAccts","https:\/\/accountants.intuit.com\/taxprocenter\/intuitaccountants\/?hl=en","https:\/\/accountants.intuit.com\/taxprocenter\/company\/intuit-accountants\/"]},{"@type":"Person","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/#\/schema\/person\/6957d3b0391e1d11e0632bfdb0c9cd3f","name":"Luke Kiely","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/accountants.intuit.com\/taxprocenter\/avatar\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g","url":"https:\/\/accountants.intuit.com\/taxprocenter\/avatar\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g","contentUrl":"https:\/\/accountants.intuit.com\/taxprocenter\/avatar\/6b550db2f9c2df4190c20d2ecdb38aea9986f1d0655b6acd843236956244e358?s=96&d=identicon&r=g","caption":"Luke Kiely"},"description":"Luke Kiely is the founder of iComply Online and chief information security officer at SmartVault. His experience includes law enforcement positions where he was instrumental in covertly monitoring and apprehending perpetrators of data-based cybercrimes. In addition, Luke has held several key senior roles overseeing information security, cybersecurity, and data compliance for top SaaS companies.","sameAs":["https:\/\/accountants.intuit.com\/taxprocenter\/","https:\/\/accountants.intuit.com\/taxprocenter\/in\/luke-k\/"],"url":"https:\/\/accountants.intuit.com\/taxprocenter\/author\/lukekielytax\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/09\/Safeguards-Rule-and-cybersecurity-leadership-copy.jpg","jetpack_shortlink":"https:\/\/wp.me\/pazjGh-eqU","jetpack-related-posts":[{"id":13614,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/irs-reminds-professional-tax-preparers-of-data-security-plan-requirements\/","url_meta":{"origin":55484,"position":0},"title":"IRS Reminds Professional Tax Preparers of Data Security Plan Requirements","author":"Intuit Accountants Team","date":"August 28, 2018","format":false,"excerpt":"Did you know that, as a tax professional, you're required to have a security plan to protect your clients' data? Learn about the requirements in this article.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Secure your information","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/10\/disaster-e1508457520210.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/10\/disaster-e1508457520210.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/10\/disaster-e1508457520210.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":55038,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/tax-law-and-news\/ftc-safeguard-rule-now-requires-multi-factor-authentication\/","url_meta":{"origin":55484,"position":1},"title":"FTC safeguard rule now requires multi-factor authentication","author":"Intuit Accountants Team","date":"August 21, 2024","format":false,"excerpt":"Get key information you need to comply with the FTC safeguard for multi-factor authentication, and pass this information on to your clients.","rel":"","context":"In &quot;Tax Law and News&quot;","block_context":{"text":"Tax Law and News","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/tax-law-and-news\/"},"img":{"alt_text":"FTC safeguard rule now requires multi-factor authentication","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/08\/FTC-safeguard-rule-now-requires-multi-factor-authentication-copy.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/08\/FTC-safeguard-rule-now-requires-multi-factor-authentication-copy.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/08\/FTC-safeguard-rule-now-requires-multi-factor-authentication-copy.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2024\/08\/FTC-safeguard-rule-now-requires-multi-factor-authentication-copy.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":22045,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/is-your-taxpayer-data-secure\/","url_meta":{"origin":55484,"position":2},"title":"Is your taxpayer data secure?","author":"Intuit Accountants Team","date":"January 4, 2021","format":false,"excerpt":"Get a checklist of how you can improve your firm's handling of sensitive client taxpayer information.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Security and Privacy","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2020\/12\/Login-Keyboard.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2020\/12\/Login-Keyboard.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2020\/12\/Login-Keyboard.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2020\/12\/Login-Keyboard.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":36897,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/elements-in-your-written-info-security-plan-wisp\/","url_meta":{"origin":55484,"position":3},"title":"8 elements in your Written Info Security Plan (WISP)","author":"Astrid Daniela Galvez, EA","date":"January 2, 2024","format":false,"excerpt":"Discover the 8 elements of a Written Information Security Plan, and why your firm needs to maintain a current plan at all times. Astrid Daniela Galvez, EA, explains.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Developing a cybersecurity framework for your firm","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2023\/12\/Developing-a-cybersecurity-framework-for-your-firm-copy.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":13607,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/irs-urges-tax-professionals-to-educate-employees-about-data-security-computing-safeguards\/","url_meta":{"origin":55484,"position":4},"title":"IRS Urges Tax Professionals to Educate Employees About Data Security, Computing Safeguards","author":"Intuit Accountants Team","date":"August 23, 2018","format":false,"excerpt":"Learn about recommendations from the IRS and its Security Summit Partners about how to educate your staff members about data security.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"Security","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/01\/security-shield-e1535552344432.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/01\/security-shield-e1535552344432.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2016\/01\/security-shield-e1535552344432.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":14381,"url":"https:\/\/accountants.intuit.com\/taxprocenter\/practice-management\/how-to-update-your-tax-firms-data-safeguards-based-on-irs-pub-4557\/","url_meta":{"origin":55484,"position":5},"title":"How to Update Your Tax Firm&#8217;s Data Safeguards Based on IRS Pub 4557","author":"Jim Buffington, CPA","date":"January 16, 2019","format":false,"excerpt":"Before working on any client returns for the next tax year, make sure your security is updated.","rel":"","context":"In &quot;Practice Management&quot;","block_context":{"text":"Practice Management","link":"https:\/\/accountants.intuit.com\/taxprocenter\/category\/practice-management\/"},"img":{"alt_text":"tax security","src":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2015\/08\/security2-e1535552348651.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2015\/08\/security2-e1535552348651.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/taxprocenter.proconnect.intuit.com\/wp-content\/uploads\/2015\/08\/security2-e1535552348651.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/55484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/users\/144649079"}],"replies":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/comments?post=55484"}],"version-history":[{"count":4,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/55484\/revisions"}],"predecessor-version":[{"id":55492,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/posts\/55484\/revisions\/55492"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/media\/55489"}],"wp:attachment":[{"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/media?parent=55484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/categories?post=55484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/tags?post=55484"},{"taxonomy":"intuit_collection","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/intuit_collection?post=55484"},{"taxonomy":"intuit_series","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/intuit_series?post=55484"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/accountants.intuit.com\/taxprocenter\/wp-json\/wp\/v2\/coauthors?post=55484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}