You’ve got questions about the updated FTC Safeguards Rule? We’ve got answers.
Cole Two Bears, VC3’s Director of Managed Security, recently discussed some of the most frequently asked questions from CPA firms about the updated FTC Safeguards Rule.
In this 15-minute video, Cole covers:
- Each of the new requirements, unpacking them in non-technical terms.
- Why CPA firms should worry, even if they were creating information security plans as part of the Rule for years.
- Ways to meet the Qualified Individual requirement.
- What is most likely to trip up CPA firms.
This video will give you some actionable tools and next steps to evaluate your CPA firm’s compliance.
We also encourage you to explore some of our other FTC Safeguards Rule resources:
Guide to the Updated FTC Safeguards Rule Requirements for CPAs
In this guide, we go through each of the 9 FTC Safeguards Rule elements and show you what they mean, how to comply, and where you may need help.
3 Unexpected Ways the Updated FTC Safeguards Rule Will Trip Up CPA Firms
It’s easy to assume that how you’ve previously complied will continue to work. However, the nine elements in the new Rule contain very specific requirements that, while leaving some wiggle room for how you implement them, must adhere to strict best practices. So, how might your CPA firm trip up on these new requirements? We’re seeing three obstacles that you may not expect.
Continuous Cybersecurity Monitoring vs Penetration Testing for FTC Safeguards Rule Compliance
Penetration testing alone leaves you open to many cyber threats that could be thwarted with continuous monitoring, the FTC’s primary recommendation. This is not an area where you want to take a shortcut. A cyberattack can cause reputational damage, lead to lost revenue, and deliver a devastating blow to your productivity. Learn why you’ll want continuous monitoring as your primary method of meeting the FTC’s requirement.
IRS Publication 4557 Guide
We created this guide to specifically outline where VC3 can help you meet a requirement, where both you and VC3 must meet the requirement together (usually a combination of technology and policy), and where you must meet the requirement (usually a non-technical policy that you must implement).