Prevent FTC fines and cybersecurity threats

The template provided in IRS Publication 5708 offers high-level sample information. To enhance ease of implementation, we have supplemented this with additional templates that are ready for easy editing and updating as well as other helpful information.

Furthermore, we are committed to continuously monitoring FTC and IRS requirements and recommendations. As updates are released, we will promptly update our Written Information Security Plan (WISP) and provide these updates to our customer base.

- Should a threat alert come in, Refundo will immediately contact the designated customer point of contact (POC) and inform them of the potential threat.

- During that time, our cybersecurity partners will continue to investigate to understand the threat.

- The threat will be contained swiftly. If additional steps are needed, our Sieben team will work with you and provide recommendations.

Installation is free!! Refundo will collaborate with customers for a smooth installation. Installations can take as little as seconds up to around 15 minutes per machine. Once the installation is complete, customers can quickly return to their busy day, focusing on building their business.

Yes, it certainly does. Here’s the deal: if you’re dealing with fewer than 5,000 consumer records, then some aspects don’t apply. For instance, certain requirements, like having a written risk assessment, an incident response plan, periodic penetration testing and vulnerability assessments, and preparing the annual report to the board of directors, may not be necessary.

However, despite these few compliance exceptions, the priority remains on protecting you from potential breaches. It’s crucial, especially for small businesses, as they are the most vulnerable.

The potential fines imposed by the Federal Trade Commission (FTC) for tax preparers who fail to have a Written Information Security Plan (WISP) can vary based on several factors, including the severity of the violation and the number of affected individuals.

However, the FTC has the authority to levy civil penalties of up to $100,000 per violation, as of 2022. These fines can quickly add up depending on the scale and scope of the breach or non-compliance.

Additionally, tax preparers may face other legal repercussions, such as legal fees and damage to their reputation, resulting from the lack of a WISP and subsequent data breaches.

Cybersecurity involves protecting computer systems, networks, and data from digital attacks. It’s crucial for tax professionals to safeguard sensitive client information, such as social security numbers and financial data, from cyber threats like hacking and data breaches.

While implementing network monitoring and threat detection services may introduce some initial adjustments, their benefits outweigh any potential disruptions. These services are designed to enhance security by identifying and mitigating potential threats to your network and data.

By investing in these services, you can better protect your business from cyber threats and safeguard sensitive data, ultimately contributing to the long-term success and resilience of your tax practice.

1. All Servers with Microsoft Windows Operating Systems must be running Windows Server 2012 or later, and have all of the latest Microsoft Service Packs and Critical Updates installed.

2. Operating systems:

All Desktop PC’s and Notebooks/Laptops with Microsoft Windows Operating Systems must be running Windows 10 or later, and have all of the latest Microsoft Service Packs and Critical Updates installed.Macintosh Need to be running macOS versions 12 Monterey or laterAll Operational requirements for LINUX or Proprietary Operating System(s) will be discussed on a case by case basis.

3. All Server and Desktop Software must be Genuine, Licensed and Vendor-Supported.

4. All computers must be owned by the business and not for personal use.

5. Must have local administrator access or credentials for all your computers.

6. All Wireless data traffic in the environment must be securely encrypted.

7. All internet access must be procured through legitimate means such as an Internet Service Provider (ISP), Internet Carrier or Internet Company.

8. All internet access must be routed through an internet gateway such as a modem, router or wireless hotspot.

9. All Servers and Desktop computers must be housed in a climate controlled, secure indoor environment.

10. The environment must have a currently licensed, Vendor-Supported Hardware Firewall between the Internal Network and the Internet.