CAMICO-CPA Professional and Employment Practices Liability Insurance

3 Security Steps You Cannot Afford To Ignore When Protecting Client Data


Nationwide, missing laptops and other personal computers continue to cause losses for many CPA firms, especially when drives containing confidential client information have not been encrypted. The cost of notifying clients is significant, not to mention the losses in user productivity, billable hours, and business opportunities.

Data breaches affect client willingness to continue doing business with an organization that failed to protect client information. A 2009 study by the Ponemon Institute put such costs at $202 per compromised record, or $202,000 per 1,000 records.

Laptop and PC security results from well-trained personnel and written policies and procedures that are steadily applied and ably enforced, including effective safeguards in the event of a potential data breach.

1. Institute Vital Policies and Procedures

Establishing written policies is a vital step. It causes managers to carefully consider the issues involved in the custody and care of laptops, including physical security (as in locking laptops to a desk or equivalent item), building security, and access codes or keys. The policies should provide for the “least privilege” rule, in which users do not have any more rights or access to a laptop or program than they need to have, and they should address the procedures that help secure information, such as:

  • backup copies of all important data, stored and secured away from your office location, with sensitive information encrypted;
  • installation of firewalls and secure configurations, including programs to scan for and counteract viruses, malware and spam;
  • encryption of all confidential client data at all times; and
  • use of strong passwords and authentication.


2. Implement Effective Safeguards

Policies and procedures that operate without user involvement appear to be most effective in reducing vulnerabilities. Some data protection services enable firms to easily encrypt the sensitive data on their laptops and PCs, and to ensure that the data is never accessible to unauthorized users in the event of a loss or theft of the computer. 

Encryption policies and other protective actions can be managed by the firm or by a third-party MSP (managed service provider). Both solutions can protect the organization without end-user training or participation, and they can be effective whether the computer is online or offline. With some services, there is no hardware or software infrastructure to purchase or support.


3. Conduct Training and Ensure Enforcement

Computer security training for all users helps enhance staff awareness of related risks and the firm’s policies for addressing the risks. The firm should have a person or committee take ownership of the responsibility for ensuring that personnel learn and comply with laptop security policies and procedures.

In the event of compromised client information, the client may need to be notified of the time and scope of the compromise immediately following its detection, depending on the facts of the situation and the laws of the state where the company is located. In some states there is an exemption to the notification requirement if the data has been encrypted. In other states there are no exemptions to notifications even if the data is encrypted.

Again, the best way to solve the security problems associated with laptops is through continuous and vigilant monitoring, policies, procedures, training and enforcement. Such security measures also make great selling points to clients and prospective clients.

--------------------------------------------------------------------------------------------------------------------

FREE REPORT - 5 Ways A CPA Can Get Sued

After 24 years of malpractice claims experience, CAMICO has developed a wealth of information about what causes disputes between CPAs and their clients, what leads to litigation, and how to avoid or minimize the damages from such conflicts.

From CAMICO's own claims files, this report describes five pitfalls that are especially prone to litigation and offers some preventive risk management advice.

-----------------------------------------------------------------------------------------------------------------------------------------------

ABOUT CAMICO

CAMICO Mutual Insurance Company was founded by CPAs in the 1980s, introducing a new way of approaching accountants’ professional liability insurance that focuses on helping firms reduce their risk exposure. In addition to comprehensive policy coverage, policyholders have access to a wide range of practice and risk management knowledge and tools, created by CPAs for CPAs.

Twenty-four years later, CAMICO continues to be the leader in innovation in practice and risk management issues facing CPAs and in providing CPAs nationwide with new insurance options. Through its wholly owned subsidiary CAMICO Insurance Services (CIS), CAMICO offers an ‘A’ rated CPA insurance program that is administered by CIS.


       Copyright 2014 CAMICO Mutual Insurance Company. All rights reserved.  
       Coverage for the CAMICO program is provided by (i) CAMICO Mutual Insurance Company;
       (ii) Liberty Insurance Underwriters Inc., administered by CAMICO Insurance Services. 
      1800 Gateway Drive, Suite 300, San Mateo, CA 94404. Toll free 1.800.652.1772
  