VITECH has helped a wide variety of businesses, companies, and organizations with their GLBA compliance needs. We have helped businesses of all sizes, from the small accountant, to the multi-location CPA firm.
VITECH has multiple packages to help each organization, according to their needs. These are:
- Compliance Guidance
- Base Compliance Package
  - Security Policies & Procedures
  - Employee Cybersecurity Training
  - Security Risk Assessment
- Base Compliance Package + Compliance Guidance
- GLBA Compliance Audit + Certification
  - Necessary to validate an organization’s compliance with GLBA standards
Cyber-attacks aimed at accounting firms are a relatively new and very serious threat. Central to this trend is the fact that accounting firms maintain an abundance of personal and financial data, and serve many clients. Accessing a firm’s client base and related data is the ultimate prize for cyber-criminals, so hacking attempts are rising rapidly. In fact, the IRS estimates that 3-5 firms per day are breached, their data now in the hands of cyber thieves.
These attempts come in various forms, including phishing, spear phishing, paid search phishing, pharming, URL redirects, and others. Unfortunately, these efforts can succeed if firms do not have appropriate security on their network and/or have inadequate staff training. If a phishing attempt is successful, bad actors can install malware that, in simple terms, compromises the credentials of firm members, giving the attackers complete access to the data that firms have a responsibility to protect.
In 1999, the Federal Trade Commission (FTC) enacted the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999. While sophisticated cyber-attacks on accounting firms were rare at the time, the GLBA was enacted to protect consumers’ private financial information and to govern the collection and disclosure of clients’ financial information, primarily by financial institutions but also by others, including CPAs, accountants, and tax professionals.
Because compliance with the GLBA is mandatory, there are severe penalties for non-compliance. These penalties include imprisonment for up to five years, fines, or both. An organization can be fined up to $100,000 for each violation, while officers and directors can be fined up to $10,000 for each violation.