Video: Prevent, Protect, and Be Proactive — Cyber Security Threats | Duration: 3728s | Summary: Prevent, Protect, and Be Proactive — Cyber Security Threats | Chapters: Introduction to Cybersecurity (25.87s), Cybersecurity Landscape Overview (375.975s), Cybersecurity Risks Explained (723.005s), Insider Attacks and Consequences (1263.3251s), Cybersecurity Response Planning (2031.225s), Conclusion and Contact (3455.6848s)
Transcript for "Prevent, Protect, and Be Proactive — Cyber Security Threats":
Hello, everybody. Welcome to Prevent, Protect, and Be Proactive. This just so happens to be Cybersecurity Awareness Month, so we're here today to talk to you about cybersecurity for tax professionals. A little housekeeping. Today, please follow the best practices for this webcast. Everything is gonna come through your computers. If you've got any questions, you'll be able to note those in the chat. As this event is wrapping up, you're gonna be asked to take a short survey. These are very helpful in determining what kind of content is helpful to you going forward, so please stay around and at least complete that for us. Additionally, there will be some polls in here; I think there are three in this event today. So keep an eye out for the polls. They'll be in your lower left area. You'll be able to click on "Go to polls" at any point to see them and answer the questions, or you can just wait, and once I announce the poll, it's gonna appear up on your screen. At that point, you'll be able to select the answer you want. We'll wait about ten seconds to give you a chance to get those answers in. The main disclaimer here is that the session is educational in nature and should not be construed as tax advice. There'll be pretty much no conversation on tax other than to identify that you are a tax person. The rest of these are standard disclaimers that are on all the Intuit presentations. This webinar is gonna provide one CPE credit, and it will also provide one IRS CE credit. To receive those credits, though, you're gonna have to answer at least one of the poll questions (really, you should do all of them), and you will need to attend at least fifty (50) minutes of the webinar to be eligible. So welcome, everybody. Who am I? My name is Steve Ferguson. I am a thirty-year licensed insurance agent in all 50 states for all lines of insurance.
I have a background in specialty insurance lines over my career, with a pretty large focus on cyber insurance as well as identity theft insurance, which are two different things. I've also owned an MGU, which means I've had the underwriting authority for up to 10 carriers in my life, which means I construct policies, file them, and submit them to the state for approval. In addition, I've served some big clients. I worked with the Big Three. General Motors was a client for many years. I've written policies for the NFL, and we've constructed programs for banks such as Bank of America. So I've got a pretty diverse background, and this current company, Protection Plus, was a client of mine for over twenty years before I came on board to help expand and provide some insight into the cyber insurance world. So what's Protection Plus? Protection Plus specializes in tax resolution; we've developed the premier tax resolution service in the country. We're integrated into your software. This is a tool that you provide your clients: a million dollars of tax protection and identity theft restoration services that you include as part of your practice for your clients. In addition, since we work exclusively with 50,000 tax offices and we cover 20,000,000 returns, it became evident that down the road, we needed to find a simple cyber solution for our tax partners. So we developed some cyber products that would help you if you need a cyber program that includes insurance as well as the elements that would help your organization stay safe. Today, I wanna go over what's happening in cyber insurance and some common attack tactics that you need to be aware of. Some you're gonna know; some you probably haven't heard. A very important step is creating your WISP, your written information security plan.
Also, I wanted to make sure that you're clear on the difference between that and the incident response plan. They are two different documents. They can be incorporated into one. And then at the end, we'll have a Q&A session for you to ask any questions you need, and then show you how you can reach out to us at any time. Really, the goal here is that this is Cybersecurity Awareness Month, and I want you to be aware of what's going on out there. You've gotta understand how these tactics work and how they deploy them. You're gonna be amazed with some of the stuff we say. The majority of this stuff isn't some bad person sitting behind the screen. A lot of this happens simply by errors and not being prepared. Also, you need to understand what you have to do when you have a breach. There have been recent reports out there where some executives are almost denying it and not sharing this info, and it's creating some great exposure for not only the executive but companies out there. Also, we're gonna walk you through how to write the WISP, with a little bit of help. If you need help on that, you'll have our information as well. We have a team of trained people internally that can get you through that process. And also, I wanna make sure that I explain the details of the response plan: how it works and what you need to do to implement it at your facility. So with that being said, here's the first poll question, everybody. See, they're trying to make sure that you're watching. What is your primary reason for attending this webinar? A, is it to earn free CPE? B, is it to explore new solutions? C, is it to solve a specific problem? D, is it general interest education? E, other. Please take a few seconds, get that filled in, and we'll move to the next screen. Okay. Thank you, everybody. So where are we now?
Just to put this in perspective: not this year, but last year, in 2024, on April 12, the largest data breach in history occurred, and everybody on this call in the United States, in Canada, and in England, everyone's identity was exposed through a data breach at a data center in Florida. That doesn't mean the cyber criminals have used that information yet, but it was exposed. So there is a massive amount of data out there, and that kinda starts the process when cyber criminals figure out what's available to them and how to go after it. The good news for this industry is that up until about a year and a half ago, tax and accounting was the number one target for cyber criminals. The significant change is that cyber criminals have now found that they can go after hospital medical records, because that information is just as juicy at times. Because they get infants' information and secure Social Security numbers, it allows them a longer time to potentially use that in different scams before it's detected. It's very difficult to use an adult Social Security number that files taxes, because typically within a year it's gonna get discovered, so it's got a much shorter window. So the good news is we've fallen to number two in our industry. The bad news is you're still a target, so that hasn't gone away. Here are some statistics that you need to be aware of. These are almost laughable at times, because it really is happening at a fast rate. And as you can see, the United States, just because of the wealth of our people, is attacked frequently by a lot of the countries that are listed on this sheet. Some of this stuff is cyber warfare that's going back and forth. It's known that the next real war is gonna all happen digitally. It's really not even gonna be a people war. It's gonna be an attack on the ecosystems of an economy, of a country. It'll paralyze systems.
You've seen it with the fuel attack a few years ago, where it stopped some of those fuel shipping entities out on the East Coast. So cybercrime happens in all kinds of manners, with hackers, and there are some other breaches that will occur as well. The bad news is the cost is getting excessive. These big breaches cause quite a bit of damage to the cyber insurance landscape. When the insurance rate goes up to insure these big ones, some of that trickles down to these little offices or normal-sized businesses, not major corporations. And this is not something that we're seeing curbed yet. So you can expect that your premiums will go up as long as these crimes keep getting hit, and they get these large ransoms from these corporations when they steal this stuff. And again, it happens to major corporations, and this happens to the government on a consistent basis. So be prepared for it is all we can say. It's not getting any better. It's getting worse. So what we're here to do today is get you as protected as we can. Alright. So one of the things I like to ask is who's got cyber insurance? I'm gonna give you an example. Sometimes people don't know if they have cyber insurance, or they see that in a business policy they have. They may have elements of cyber coverage. But if they haven't bought dedicated cyber insurance, here's the best analogy I can give you. Everybody here owns a car. Everybody probably has, or should have, auto insurance. If you get into an auto accident, you are asked by your carrier to go out and get estimates on body work, mechanical work. You send those estimates in, and the carrier writes a check. That's pretty much how most insurance works. Same thing if your house burns down or you have damage in it: you have to go out, you have to get estimates done, you send them to your insurance, and so on.
So you can go buy insurance out there from hundreds and hundreds of carriers that will do that. You do all the work: you have a breach, you get it all fixed, you handle the process, you follow everything you need to adhere to that we're gonna cover later. Or you can buy specific products or programs that are designed for the tax and accounting realm that not only have the insurance element, but you pick up the phone and they handle that process for you. So think of it as a concierge way of having your insurance provided to you, so you're not having to deal with any of it, and you have experts handling the whole process. So that's what I wanted to identify: if you have insurance, and if in that insurance you understand that it actually is applicable to what your needs are. Also, do you know the difference between cyber breaches and identity theft? A cyber breach is any technical data that gets exposed, either through the Internet or by actually leaving your door, that has client data that can get transmitted digitally. Identity theft is something where it's been hacked, it's been out there, someone has already stolen it, and then they use that against an individual. So cyber really is gonna be relegated more to an organization or a company that has this data breach and exposes all the client data. That doesn't mean it's stolen. It's exposed. The theft of it is pinpointed towards each individual who has had their identity stolen and used. So it's slightly different, and there are two different types of responses you need to those two issues. Cyber is something you as an organization need to deal with. Identity theft can be part of a cyber breach, but it's not always the case. Alright. Cybercrime in small to medium business. This is rising constantly.
Cyberattacks disrupt. We get hundreds of calls a year from clients, and even from some of the big tax software companies on behalf of their clients, saying, hey, there's been a breach, can you help? This keeps happening. It's growing every year. Phishing attacks have become more and more prevalent. We're gonna cover some of that. AI is a monster in the process right now and causing a lot of disruption, and it's doing it more brilliantly than ever. AI is a great tool, right? It helps in all kinds of things, but just because you're doing legitimate things doesn't mean a criminal can't use AI to do illegitimate things and cause more chaos. They found out how to use it, and they're using it regularly. We'll go over a couple of these relatively soon. Phishing is still one of the most common attacks. People send out these test emails. They usually look a little altered. This is what causes probably half of the employee-initiated breaches. Not intentionally: something comes in, sometimes it'll come in from the CEO of a company, and it looks legit. Somebody answers it, does something, wires money, whatever, but phishing is still one of the easiest tactics they can deploy. And now with AI, they can do it in a constant, repetitive motion, and they've actually learned to move not only into email. They've also learned how to move it into the texting world, telling you about tolls and stuff like that. So phishing is still relevant and is one of the biggest ones, and we'll cover that as well. Man in the middle, that's really what we call the coffee shop one. That's where somebody puts up a fake domain or a fake website in a coffee shop, you go to the wrong one, sign on, and now he's in between you and your client. He's starting to drain information. Malware, that's where something gets in your system, and once it's in, it's able to penetrate and give access to a criminal outside.
And ransomware, that's when you open up your computer and you find out someone's asking for 50,000 in Bitcoin; otherwise, they're gonna sell your data. Ransomware and malware are very similar, and very damaging and costly to deal with. Here are some more elaborate ones. You have social engineering, SQL injection, DoS or DDoS, and then you've got cross-site scripting. Those are common occurrences out in cyberspace that you won't run into too often, but you should expect on occasion. Just be aware of them. That's not really something that's gonna be too applicable to a normal office, but you may see those out there. These are just some of the elements that they're developing. Here's one of my favorite ones, which pretty much anyone who's used Google has probably seen. They call it malvertising. This is relatively new, from a few years back. Criminals have basically learned how they can run actual ads, buying ad space on Google or other platforms, and then you click on something, you think you're buying or shopping for something, and while you're looking at it, before you discover whether it's real or not, they're getting into your system, depending on what approvals and things you allow them to click into. So that seems to be a very effective process. So, again, I would always suggest using a business computer versus an individual computer. Keep them segmented and separated. This way you're never exposing client data. So keeping employees from ever doing anything on the personal side on the business computer is a great strategy to deploy to try and keep your operation as safe as possible. The other big thing that happens is insider attacks.
It's very easy for criminals to get somebody hired in larger firms, and once they have access in there and learn the processes, it's not difficult for them to put something on one computer, or even, when they're coming in for an interview, depending on what your security is like, to walk through an office and be able to penetrate and get some action or activity by getting near one of your computer systems. Phishing attacks, I think you're all aware of these, but they're pretty simple. It's not uncommon for somebody to send in something, especially to you in the tax industry. We see this all the time. We've seen it where somebody has sent in an email on the fifteenth of a month, whether it's April, September, or October, or on the fourteenth, when they know these dates are getting very busy. They send something in and it's all urgent: oh, I need my real estate tax form right now, or can you give me the banking information that we send taxes to, or for insurance? They hit you with all of these at a very sensitive time. These criminals know when you're most vulnerable, so you're not giving it full attention; you're trying to get through things as fast as possible. So that's when phishing attacks typically occur, at your most stressful and busiest time, and they know when to deploy these. And all it takes is one little mistake, and employees do it, you can do it. It's nobody's fault. They're very creative, but once they've opened it up, they're in there and they have access. You may not even know this because you're off being busy. Sometimes it may take you a year or two to even discover someone's been in your system for that long. So phishing attacks are very, very prevalent in your world, especially around the busiest times of the season. It's very important to train prior to getting into the business season so people are aware of them. Ransomware attacks, this is another very common one.
Here's an example where the passwords were used. They got in. They were able to lock up the files. And then, if you have insurance for these types of things, you can deploy your carrier to help you get the ransomware pulled off, pay the ransom. And a lot of times, that's what has to happen. That's why you do wanna have policies that cover that type of activity. The problem is, when any of this stuff happens, if information gets out that you had a breach, it really erodes your stance with your client. They're not very happy when they feel their data's been compromised, and it's gonna reflect on you. So be aware of these and make sure you have coverage to help you with these, because the faster you address them, the faster it gets fixed, the less damage occurs. Man-in-the-middle attacks, that's the coffee shop scenario. It happens all the time. You should not be out in space using other networks. You all have cell phones. Use your hotspots. If you try to log on to do work on someone else's network, there are always possibilities of exposure no matter how well your computer system is locked down. Insider attacks. Here's a great one that was accidental, that I can tell you about from a client who called last year. An employee had informed them that they were leaving and starting their own practice. Fine. Goodbye. The employee leaves. Well, after the employee leaves, the owner is going through the files and notices that the employee had been sending copies of forms they used internally, really good forms that were developed to help keep things organized and structured. Unfortunately, when the employee sent them to themselves, to their personal email, they had transferred clients' data in that. And, folks, that is a data breach.
Client data left a secured place in an unsecured manner without anyone's knowledge, so any of that personally identifiable information that employee sent has now created a data breach, something that simple. And it wasn't done maliciously. It was honestly an accident, but guess what? It's still a breach. You still have to do everything that's necessary to make sure that it's identified, it's notified, and all the clients are aware. You still gotta go through all this process. That's a lot of added cost. Premeditated, well, that's just unscrupulous people that get in. Some of them like to come in, they harness that data once you give them access, and they hold you ransom as an owner for that: hey, you want this data to get out, or, you know, pay me. So those are things that happen in the real world. We've seen all of these scenarios pop up at some point or another in the years of servicing this tax industry. These are some of the consequences when you get hit. It's not uncommon for you to spend six months trying to get it fixed if you have to do that yourself and you don't have the proper insurance as well as the breach response team to fix it for you. As I said earlier, it's just like getting in a car accident. You gotta run around and get all that stuff done and then send it in. They pay the bill. Well, when you get breached, you gotta go around. You've gotta hire an attorney to write the letter. You gotta get an 800 number so people on the letter have a place to call to report anything related to the breach. You have to have that letter sent to everybody to make sure that everyone on your file was notified there was a potential breach. You have to then monitor all of those people through the credit bureaus, all three of them, for the next year to make sure that nothing from your breach affected or impacted them.
You have to do all of that whenever you have a breach, and you have to bear that cost or take that time to get that done. If you know how to do it, great. It typically takes a normal office up to six months to get that process fully flowing, properly done and handled, and then somebody tracking all of that as well. Very expensive. You should expect, and we'll cover it later, a high cost on that. Not to mention that once you lose that data, depending on how bad it is, you have to get it back. You have to rebuild that. There's a likelihood that your system is gonna be incapacitated for some time. Think of the burden that's putting on your office as you're slowing up to try and make up whatever the lost time is. And, honestly, the clients, once that letter hits, there are gonna be a lot of them questioning whether they wanna continue working with you, in the event that you were the cause. So it's very difficult on the relationship between you and your client. Reputational damage: there are some that have actually turned into class action lawsuits, because a firm was very lax in protecting that data. And once that gets out and into the media, it's very hard to attract new clients. Obviously, if you have inappropriate hits, and depending on how it works, there's a chance your insurance premium will spike. Not only that, you're probably gonna have to go to what they call a substandard market, because, generally, cyber insurance carriers won't take on somebody who's been breached, especially if it was a very lax breach. And when you go to the substandard market, you should expect about 10 times your current rate on the premiums you pay, so it can be a substantial hit.
I can tell you, last year at Protection Plus, when I hung up the phone with six of the people that were calling to report claims, that didn't have insurance with us but we helped them, I informed our staff that I'm pretty sure those six will be out of business, and I was able to verify five of them were. It is devastating and crippling, and it can be extremely costly depending on how bad it was. So you have to be aware that the consequences can be complete, total loss of your business. Malvertising, I covered it briefly, but this is where they're using tricky ads to get you to engage. Once they have you engaged, it's very simple for them to get access into your system, because you think you're doing one thing, while they're portraying that they're doing one thing and they're in the back door literally going through all your drawers. Here are some examples that are real ones. The texts, the emails. There are usually little errors on there that you could find, but you gotta be cognizant of it. Your staff needs to be cognizant. Look at these things. I know personally, I keep getting stuff from the toll roads saying I owe money and I need to go on there and update my credit card. Well, the toll roads don't tell me to do this. They automatically do that. I have that set up. So they've gotten very creative, and they have no problems mimicking anything. There have been times I've had to call the FBI on calls I've received just to say, you need to hear what they're doing these days. So malvertising comes in all kinds of forms and fashions. It's really up to you to take your time and read things, and if it doesn't make sense, folks, it probably doesn't make sense. So that should be your first signal to put your antennas up. Here are another few examples that I can show you, but this is all very typical. They probably look real.
They look almost like they're computer generated. A lot of them are, purposely, so they look more tech-side. But this is something that is happening on a recurring basis every day. Here's one of my favorites. I know that I got this myself, from Costco. Probably the majority of you have a Costco membership. So you see that trusted logo, and right away you start thinking, alright, what should I... and then you start reading it. Oh my god, a gift card. We've had this happen, and, honestly, again, you're gonna see these in your busiest time; that's when they deploy them. So, again, you should have your antennas up around the busiest time of year for yourself. AI. This has turned into a monster. Right now, I'm being recorded. My voice is all over the Internet now. It wouldn't be hard for an AI bot to take my voice, download this whole conversation, and ultimately use my words and how I speak, run that back through an AI bot, and create a speaking version of me that asks for inappropriate things. They do this all the time. They're able to make it, create it. It's like some stuff out there with Hollywood, where actors are already concerned about how people can emulate them. ABBA and, I think, KISS have designed avatars, so there are actually things that'll sound like them and look like them out there. So AI is a very dangerous animal in this space, and that will be the leading factor for hackers going forward, because they can deploy AI twenty-four seven, constantly trying to develop, learn, find the holes. So they're just getting more creative faster, so the response and the protection needs to keep expanding as these AI bots are finding every little aspect to deploy assets against. This is why AI will be the big thing happening in the future. Plus, they can get creative and make phishing really personalized, right to you.
It is the most advanced method of attacking that they've ever seen, and that's not gonna change. So we have to be diligent and be as current as possible constantly to stay on top of that. Here are a couple of attacks that you should be expecting. Phishing that's gonna look really real. You're really gonna have to dissect what you're looking at. Chatbots. This was something funny that I learned in a course on AI. The AI systems learn what you feed them. Guess what? If you feed it criminal data, misleading data, and then you turn around and ask questions, you may be getting misleading information. So they're using the AI bots against you by teaching them inappropriate things, and they're actually using it to write code. So everything happens the same as it always has; it's just at a much, much more rapid pace now. So just remember that while we're putting in as good and accurate information as we can, they're actually manipulating AI with things that are gonna help them obtain your information and your clients' information. So always have your antennas on, especially when you're playing in the AI world. And anything that isn't coming from an actual person that you know, you should be aware of going forward. A couple of identity theft breaches. We had one last year where there was a lady that called, or rather we had to call her. With our product, since we do identity theft restoration, we had to inform her that we had seen an exorbitant amount of identity theft cases on taxes she was filing. It was about 30 in, and she called us because she couldn't file some more taxes, and we had gone over 40 identity theft scenarios with her clients, and we noticed that nothing was getting better. So when we got her on the phone, she said she wasn't aware that she had been breached. She didn't have insurance.
She didn't know how to pay for it and, ultimately, never called the IRS to report it, never called the authorities, and it wound up causing her to go out of business. Somebody had gotten into her system. It had been in there for over a year and had been literally draining all her clients' files, sending that information in and filing false tax returns and sending all the funds to foreign banks. It took her almost six months to discover all of this that had been happening. No one trusted her with their tax information anymore, so she had no more clients, essentially, and she wound up going out of business. So some of them can be very prolonged. Others can be very simple and quick. You can get a criminal in there that can find your EFIN somewhere. Once they have that EFIN, they can start manipulating tax returns real simple. They can go in and manipulate where those payments are sent. They know how to target them and how to find them, so be very protective of your EFIN. Alright. Security plans. WISP (written information security plan), cyber insurance, incident response plan. Three different elements. They all work together. Let's go over how they would fit in for you. A WISP is a live document. First, I guess, in questions is who's created a WISP? We're going to a poll question here. What's the best way to protect your firm against cybersecurity threats? A WISP, cyber insurance, incident response plan, all of the above. Ten seconds, but I hope it doesn't take you that long to get that answer. So, typically, we like to ask, who's created a WISP? A lot of people aren't even aware of what a written information security plan is, in detail. They hear this. They don't know what it entails. Let me try and make this one as simple as possible. A WISP is a live document, and it's basically everything you do to protect data.
It could be that you do a backup every week, every day, every hour. It could be that you take backup tapes to a safety deposit box. It could be that you use security cameras. It could be locks on the door. It could be antivirus software. It could be you have an IT person coming in and scrubbing files. It could be that you download everything onto a hard drive that you ship out. Anything you do to protect data or, as I call it, build the wall. How do you protect yourselves when you build a wall? You live inside that wall, and that's what protects you from the outside elements. It's important that it is living, and what I mean by that is I know I run through a new computer pretty much every other year. Well, guess what? One may have Norton antivirus; one may have McAfee antivirus. What version of that do you have? That needs to be listed on the WISP. You need to know all the protections that are involved in protecting this data. The primary reason is it's required of you by the FTC. We'll get into that a little later, but the reality is you really wanna know what is in place, because when it doesn't work, everyone needs to kinda know that. Because if it didn't work, you need to fix it, obviously, and you need to make sure that you have upgraded to a higher standard of whatever you're using at that point on the next version of your written information security plan. It should also include how you're going to train, test yourself, and test your systems. It should also make sure that it is compliant with the laws of your state and the federal government. And keep in mind, state and federal laws do not match or mimic each other, so you need to be aware of that and make sure that your WISP is compliant with them. WISPs can be complicated. There is an IRS regulation out there on how to do it. It is a little tough to read. There are simpler ways to do it. It shouldn't be all that complicated, but the basics are: get the company name down there.
The version would be like version one would start today. Identify who the boss is, who's gonna be handling any of the information that goes out there. So this is pretty easy to log down, I would hope. Then, list: what are you doing to protect the data? What kind of data do you typically handle? Obviously, in your space, you've got financial information, you've got social security numbers, you've got federal identification numbers in many cases. You know, what are you protecting? You wanna have a list of that. What regulations apply to you depending on what you do? Again, you're going to be under FTC and IRS regulations for sure. Then, who is responsible in your organization for keeping this updated? You want to make sure that these are identified in a WISP because that's something that gets looked at by any agency that's reviewing you if there is an issue. Here's the thing: if any of these categories apply to you, you know, do you have employees, do you prepare returns, do you collect data, do you use any third party service providers, do you operate in multiple states? These are the laws that apply to you. The Gramm-Leach-Bliley Act really is what started this all back in 1992 with the FTC and banks, but it's kinda spread into the accounting and tax rules, or world, so you have to abide by that. That's what requires a WISP. But even the third party one is a real key one because if you're dealing with outside vendors, third parties, you still have to have an element of protection there, and you should be checking to make sure they do as well. If you've got employees, there's HIPAA data that can be exposed. That's very sensitive because that's got all of your employees' health records as well as social securities. So all of these are elements that you should be contemplating when you're developing a WISP. How can you make things better? Have a plan on where you keep data. Make sure everybody is trained on how to use it and follows it.
Know how to clean that data or scrub it or get rid of it when the time is right. I'm not saying be a disciplinarian, but you have to make sure that you've got a way to lock this down, make sure your employees understand that there are consequences if you don't adhere to a standard. You know, again, you don't have to be a dictator, but just make sure that, listen, they understand that their job is in jeopardy. Everyone's job is in jeopardy if this is loosely handled. So you have to stress the importance of this. You do wanna, again, keep that WISP fresh and alive. Keep it up to date. Anytime you make a change, maybe tomorrow you add Ring doorbells to the office. Well, that is an update in security. Add that in there. This will really help you down the road if you ever have a breach. Now the breach happens, what do you do? You do want that WISP available so you can get to it, but this is where it gets very, very key in what we say. The response plan: the IRS requires that not only when you create the response plan do you create it, but you have to print it and keep it in your office. And it's exactly for this process, because it's not required that you print a WISP to keep it in the office, but the response plan, which should be part of the WISP, has to be printed and in the office. So if you do yourself a favor and put it all in one, it'll make your life easier. But the response plan's intention is to make sure that you have a resource, a place to go, so when you do get hit, you have something to follow. Imagine getting into a car accident. You're kinda frantic. You probably don't even remember most of the time that maybe you have a card of your agent in the glove box. That's how old I am. So you wanna go in, grab that card, call somebody to help you because you're kinda spread thin. What should I do? What should I do? That's the purpose of the written response plan.
It gives you a guide, a map, next steps to take, what you should do: call your insurance, call the authorities, get all that process flowing. The faster you address it, the easier it is to fix it and the less damage you have. Once you get hit, you have to make sure that you get notifications out right away. You've gotta make sure you get a forensic exam done right away. Again, these are things your insurance can help you with if you have insurance and the proper one, and these are things you should want in your insurance to make sure you have help doing all of this. You don't have to, but that is the easiest way to address what you need in the realm of a breach, is having the insurance with the services to help you. You're gonna have to know what kind of security software you use. Keep that updated. Make sure you're updating your software every day or every week because just think about it, as the security gets a patch, the criminals are already trying to figure out how to get past that patch. They even have zero day issues where they issue it and they try to go after it that same day after the fix is out there, and they can penetrate it because they found another flaw. So updating your software should be a key element in your security plan. Make sure it is updated every day if you can, and there should be a reminder, some kind of a task oriented thing in your organization to keep that updated. And somebody should be watching that regularly. That is the cheapest way to keep yourself protected. Authentication. Use multifactor authentication whenever you can. Get ready for this. Coming soon, you're gonna have something called zero trust authentication coming. The highest levels of the government are using it now. That'll be something coming down the pipeline, so be aware of it now because they've already figured out that they can even bypass two factor or multifactor authentication at times.
So while it works and it's great, you should deploy it. There will be new things coming in the near future. Know whether employees are using password managers, and make sure you have rules in place to make sure that they're not reusing things. I know one of the tricks that, you know, we've seen over the years is to tell employees to use, like, the title of their favorite song as a way to create a nice long password. The automated systems trying to breach these things definitely have a difficult time getting to that number of configurations. Also, Wi-Fi security. You should have everything encrypted and protected. Make sure you are not using factory settings. That is something that happens all the time. It is one of the biggest reasons for breaches. Somebody gets their Wi-Fi, they don't reset the password in it, and they leave it in factory settings. Well, guess what? Every criminal knows what the factory settings are because there's only a handful of manufacturers out there for Wi-Fi units. So all they gotta do is come up and keep testing it to see if it works, and 95% of the time, they get in if you don't do that. So that's a real simple fix: make sure you're not using the default factory one. Remote access, obviously, with COVID a few years back, is a very prevalent thing these days. So you wanna make sure that whatever access your employees are having, you do have two factor authentication, especially when they're outside the office. You wanna know when they're accessing your stuff, so have limits on it, or make sure you can track all of it just for your protection, because you just never know. Those are additional elements you add to the equation when an employee has access to all your systems and work protocols and data when they're remote. So make sure you have that tracked and documented extremely well. Remote access.
You should have rules in place for employees when they are working remotely as far as... I'm sorry, device security. Make sure when you get new equipment that it's going through some kind of a check. Make sure that you're keeping up to date standards on that equipment. Don't always use factory settings on a system. One of the other things I can always recommend is don't just use the free antivirus software that comes with it because guess what? The criminals have that too. Pay $40, $50, buy an upgraded level that has more protections to it. Typically, criminals aren't spending money they don't need to, so go one step beyond. You don't have to go to the best plan ever, but spend a little money and get up there and get the next level. That is gonna be a smart way to do it, and it'll make it harder for them to get into you, easier to go somewhere else. That's all we want. We want them diverted. Employee training. Honestly, you do have to spend time. There are a lot of insurance programs you can get where they will actually simulate phishing exercises on your staff. You should have regular testing of your systems just to see: are you vulnerable, are your people vulnerable. Training, training, training, it really, really helps, and it'll be a big difference maker for you. Again, you don't have to be fully protected because you can't. What you have to be is as smart and as proactive as you can to prevent some of these issues. Here's what a typical sign off on your WISP would look like. You'd have a review date, next date, approved by, and signature. And you'd want this on the document because, again, when something happens, they wanna know when's the last time it was looked at or approved. Time means everything in these. Here are some things that you want in your insurance. There's a lot of things here.
I'm gonna point out the most important is your breach. You want breach response services. So not only do you want it to pay for it, you want a service that when you get hit, you can call them, they're gonna get working on it. A good program will immediately issue a patch onto your system to identify and do a forensic exam to find out where the problem is, identify the problem, help get that resolved and closed right away, immediately get an attorney involved to get the letter written, determine where the exposure is. If there's a ransomware out there and they need to start trying to claw back anything or negotiate, they start that entire process. So that's what you're looking for, somebody that's going to handle that for you. They'll all write the check later, but you want somebody that's going to get in there, handle that, get that all set up and running for you so you don't have to all of a sudden become a cyber expert on how to deal with breaches. Language and policies can differ greatly. Look for insurance products that are focused on the tax and accounting industry. You can buy cyber insurance that works for a garage. Most of you are in a garage. Find the one that fits, and don't be afraid to ask questions. You have a specialized skill set that you guys do, but because of that, you have documents and files that most organizations don't have. You need specialized coverage for that. Your legal requirements for your written response... I'm sorry, the security response plan. Here are the different ones from the different publications. You've got the FTC, you have the IRS, you've got the Gramm-Leach-Bliley Act. State laws vary from state to state. Make sure you're aware of that. There's how you have to report a data breach to the IRS, and then what you need to do to report to the Federal Trade Commission. Know these and see how they apply to you.
Everybody on this call or webinar should have to adhere to all of these, and keep in mind when you deal in multiple states, the law is drastically different, cyber related, from state to state. Here are some other ones that you need to be aware of. Penalties and liability that you can get on this. Again, you want policies that cover most of these elements to make sure that it's not something that you're gonna have the burden of. So please make sure when you're looking at your policies that you know it's gonna cover these exposures and vulnerabilities. It's essential, and I'm gonna tell you these are big, big numbers when breaches occur. Alright. The planning guide. Once you get hit, the first thing you wanna do is try and get as much of whatever is exposed down. If you see it out on the web, try and get as much of it down as possible. You wanna get your system shut down as fast as possible. You want everything shut so you can hopefully stop the bleeding. That's the first thing you're gonna do. Then you're gonna wanna get the process rolling. You're gonna need to get an IT person to do a forensic exam. You're gonna need to get an attorney involved. You're gonna have to notify anyone in your company to make sure everyone's following a certain protocol, and that there is no more... you don't wanna leave any doors open at that point. Then, like I said, the attorney will have to write the communication for the clients, so you can get that letter out immediately. You wanna make sure if you are on a search engine, you wanna go out right away and check and see what it's saying about your information: does it say anything about you having had a breach? Anything you can do to get that cleaned off those search engines you wanna do immediately. Start monitoring websites. Again, this is all part of the process.
Like, this is why you wanna have a breach team working on your behalf when these occur. It's part of the report. For reporting, you're gonna go to the IRS, let them know right away. They're actually very helpful in this. This is one of the things they do very well. You will have to notify credit bureaus. Most of the time, your breaches are gonna involve a Social Security number, so you're gonna have to get the credit bureaus involved. And then again, you have to let the individuals know that they probably wanna get their credit frozen because you obviously do not want them to get any further damage because you let the cat out of the bag. Clients, you need to help them. You're gonna have to provide credit monitoring. You may have to interact with law enforcement to show proof of what happened, but notifying the client is essential to actually mitigate your liability as well, because data is out in many, many shapes, forms, and sizes these days and from many places. So what you're trying to do is make sure they're aware, you identified it, and you're getting it fixed. And, hopefully, if they are exposed, it isn't from your breach. It's somewhere else. So, again, getting it out there and being upfront is the easiest way to prevent it and make them informed about it. Your insurance company is who you should be working with handling all of this, but, again, if you have to do that, you're gonna have to go through these processes. Do security alerts on yourself. You're gonna have to, again, test your systems. You're gonna have to add phishing to your ecosystem. You're gonna have to have rules that if they see anything, they're reporting it. And keep an eye on e-filed returns that bounce or you have an issue with. That seems to be a very real, identifiable issue in the tax and accounting space: once you see that a tax return didn't go through, you might have a problem.
And not that the breach necessarily happened from you, but maybe the client got breached. But either way, you wanna know about that, and your antenna should be up when that happens, because if they've done it once and they found a hole, they tend to keep digging in that hole. Again, this is key. You have to keep that response plan printed in your office. Whatever you do, there should be a copy, and you should make sure everyone in your team knows where that's at, so when they do get hit, they know where to go and they can start accessing it. The faster you get on it, the more damage you prevent from happening. Speed is of the essence here. So trying to find or search for it, it should be big, bold, and some obnoxious color that sticks out so everybody knows where it's at. That's a real inexpensive way to help mitigate your exposure. By the way, they can fine you a thousand dollars a client name if you do not have your response plan updated or printed in the office. You have to get with the credit agencies and the identity theft rules on a per-state basis to see what the rules and regulations are there. Some fines are excessive. I think California was $5,000 per incident. There's some that I believe are even larger now. But the normal cyber breach, you should expect to write a check for 30 to 80,000 just to fix it. That doesn't include any liability exposures that may have impacted your clients. So that's kind of a big, decent number that can impact a lot of people. So either have that money sitting aside and be ready, or have insurance that is gonna help cover some or most of these costs. Here's what to watch for coming up. AI, as I said, is gonna be the biggest attack. Now they're late... and the other one, it seems to be they're flying in and out of vendors.
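The speaker's advice to keep an eye on e-filed returns that bounce can be turned into a simple detection routine. The following is an added example written for this transcript; it is not part of the webinar or of any Intuit or Protection Plus tooling. It assumes a constructed, tab-separated acknowledgement log (date, client id, status, reason), and the status values and reason wording are constructed for the example, since real e-file systems use their own codes. A single reject with a "someone already filed" reason is an alert for that client; a run of them in one season is treated as a firm-level signal, because the speaker's point is that a duplicate-filing pattern across clients suggests the preparer's own data may be the source.

```python
"""Flag bounced e-filed returns as a possible identity-theft signal.

Added example, not code from the webinar. Log format, status values and
reason phrases are all constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample acknowledgement log (not real client data).
# Columns: date, client_id, status, reason (reason empty on accepts).
SAMPLE_ACK_LOG = """\
2024-02-03\tC-1001\tACCEPTED\t
2024-02-03\tC-1002\tREJECTED\tprimary taxpayer id already used on an accepted return
2024-02-04\tC-1003\tACCEPTED\t
2024-02-04\tC-1004\tREJECTED\tmissing form
2024-02-05\tC-1005\tREJECTED\tprimary taxpayer id already used on an accepted return
2024-02-05\tC-1006\tREJECTED\tprimary taxpayer id already used on an accepted return
"""

# Constructed reason phrases that suggest someone else filed first.
# A real deployment would map the e-file system's own reject codes here.
DUPLICATE_FILING_MARKERS = ("already used", "already filed", "duplicate")


@dataclass
class Ack:
    date: str
    client_id: str
    status: str
    reason: str


def parse_ack_log(text):
    """Parse the tab-separated acknowledgement log into Ack records."""
    acks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 4:
            raise ValueError(f"malformed line: {line!r}")
        acks.append(Ack(*parts))
    return acks


def suspicious_rejects(acks):
    """Rejects whose reason looks like a duplicate filing (not a form error)."""
    return [
        a for a in acks
        if a.status == "REJECTED"
        and any(m in a.reason.lower() for m in DUPLICATE_FILING_MARKERS)
    ]


def assess(acks, threshold=2):
    """Per-client alerts plus a firm-level flag once `threshold` duplicate-
    filing rejects are seen, since repeated hits point at the firm's own
    data rather than one client's."""
    hits = suspicious_rejects(acks)
    return {
        "client_alerts": [a.client_id for a in hits],
        "firm_level_alert": len(hits) >= threshold,
        "rejects_by_day": dict(Counter(a.date for a in hits)),
    }


if __name__ == "__main__":
    report = assess(parse_ack_log(SAMPLE_ACK_LOG))
    for client in report["client_alerts"]:
        print(f"duplicate-filing reject for {client}: notify client, check records")
    if report["firm_level_alert"]:
        print("multiple duplicate-filing rejects: pull the response plan, start forensics")
```

The plain "missing form" reject is deliberately left out of the alert list; the routine is only interested in the reject class that indicates a return was already filed under that taxpayer, which is the signal the speaker is describing.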
We've had a couple of instances where we've been reached by a client that we insure, only to find out through the investigation that it wasn't through the client that the information was compromised. It was actually through a vendor. The information was transferred from the vendor through the client. But because we were able to prove that, we limited the litigation on our client because it was the vendor's problem. But you wanna make sure that you've got all of these things tied down and you have good contracting with your vendors to make sure they tie down as well, because these things get linked together very easily. Be familiar with ransomware. That's what's coming and that's big these days. If it happens, again, you need help right away. The faster you get to it, the less expensive it'll typically be. Email scams are gonna be prevalent forever. Denial of service, you know, where they're basically overwhelming your system, they're just pounding it with all kinds of data, hoping that it slows up and it opens up some exposure. That is kind of the new attack process that they're doing. And with AI, it makes it very simple to do that. And there are some new laws, the laws that just expired on data sharing in the United States recently, with the government shutdown. They haven't revoted on enacting everything. So there are some new laws out there that are creating some additional exposure that is a little scary, because it's likely that the foreign countries are gonna know that we're not at an optimum level of data sharing right now, so it makes us more vulnerable. So it wouldn't be surprising, in the very near future, to see these national organizations start striking against United States organizations and the government again, knowing that our laws are lax right now, that we have to get some new ones passed to protect this further. Alright. So here's the last poll question. If you don't mind, let me read this out loud. Sorry.
Let me get that there. Would you like a personalized sales demo or consultation about what you learned in today's training event? Yes, please contact me. No, not at this time. So you have ten seconds there. Alright. So any questions, this is the time to get them out. Sorry we ran through that as fast as we could. It is a long presentation that we condensed to try and get it in in this time. Intuit was really keen on making sure that we at least delivered some semblance of what's out there, what you need to have. We at Protection Plus have a team of experts that are in house and are willing to answer questions. We're here to advise and help. We like when tax offices are up and running and doing a lot of tax returns because we all benefit when that happens. Anyway, our team is here if we can help you. I wanna thank everybody for coming out today. Here is our contact information. Oops. There's the contact information. That'll reach me. Like I said, I've got a full team of agents in house that can work and help you. If there's anything else we can help with regarding a WISP, we have tools that can help you write that. It's free. Please don't hesitate to contact us. Go to our website, thetaxprotection+.com. There are some resources there. We thank you for having us today. You guys be safe in the cybersecurity ecosystem. Here's a list of all the references we used today. We thank you for listening and joining us, and we look forward to seeing you down the road. Be safe.