For owners of CPA, consulting & agency firms
Cybersecurity for CPA + consulting + agency owners.
Your business is the trust your clients place in you. One AI mistake, one phishing email, one stolen laptop — and the trust evaporates. The big firms have a CISO. You don't. We're the CISO you can't afford to hire.
This is the owner version: how trust-based services firms in your band actually get hit, what an AI leak or BEC fraud costs when it lands, the FTC Safeguards Rule and IRS Pub 4557 duties you can't outsource, and what an EFROS engagement looks like for you.
The shift
Why owners of professional services firms are getting hit more, not less
Trust-based services firms hold a high concentration of client financial data, IP, and intimate business context — all of which has become more valuable to attackers as AI made monetization faster. Your firm holds more of a typical client's sensitive data than the client's own bank does. Ransomware groups know that. BEC operators know that. The FTC, which started enforcing the revised Safeguards Rule in 2023, knows that.
The 2024-2025 wave of consumer AI adoption created a second exposure layer most firm owners can't see. Staff use the free tier of ChatGPT, Perplexity, Notion AI, Otter.ai, and personal Claude accounts to summarize, draft, and transcribe client work. Every prompt sent to a consumer tier is potentially a third-party disclosure under the engagement letter you signed with that client.
Industry stat: 31% of US CPA firms reported a cyber incident in 2024 per the AICPA Cybersecurity Survey. Average direct cost was $180k. Average client churn was 12% within 12 months of the incident. Most affected firms were under 50 employees.
The five ways pro services firms get hit
The 5 ways professional services firms get attacked
Drawn from FBI IC3 data, FTC enforcement actions under the revised Safeguards Rule, and the incident pattern across CPA, consulting, and agency firms we've worked with.
AI tools leaking client data (consumer ChatGPT, Claude, Perplexity)
A staff accountant pastes a client's K-1 into consumer ChatGPT to draft a summary. The consumer tier's terms allow the provider to train on that input, and you can't recall it. Now you're explaining to the client — and possibly to the IRS — what happened.
Client invoice fraud (BEC variant)
An attacker spoofs you and emails your client an updated wire instruction for a project invoice. The client pays the attacker. Your client now expects you to make them whole or absorb the litigation.
Tax-season ransomware spikes (CPA-specific)
Ransomware groups specifically increase targeting of CPA firms in January through April. They know the deadline pressure makes you more likely to pay. IRS Pub 4557, which points tax preparers to the FTC Safeguards Rule, expects you to have controls for exactly this.
Employee credential theft and account takeover
MFA fatigue attacks, OAuth consent phishing, or info-stealer malware harvest employee credentials. The attacker logs into your Microsoft 365 tenant and SharePoint, exfiltrates client folders, and you find out from a customer service ticket.
IRS Pub 4557 and FTC Safeguards Rule violations
Tax preparers, CPAs, and any firm handling consumer financial data fall under the FTC Safeguards Rule (effective June 2023) and IRS Pub 4557. A breach without a written information security program triggers FTC enforcement plus state AG action.
What it costs when it happens
Best, average, worst — the dollar reality
Modeled on AICPA Cybersecurity Survey data, NetDiligence Cyber Claims reports, and the work we've done for CPA firms, consulting practices, and agencies in the 5-100 person band.
Best case (insured + prepared): $25k – $120k
Strong MFA and DLP. Cyber policy active. Single phishing event detected within hours. Client notification clean. Deductible + forensics + one round of credit monitoring.
Average case (partial preparation): $180k – $720k
AI data leak triggers client notification to 1,400 individuals. FTC inquiry. State AG notification in 12+ states. 12% client churn over 12 months. Two senior staff departures.
Worst case (unprepared): $850k – $3.2M
Tax-season ransomware locks you out for 2-3 weeks during filing crunch. Missed extensions. FTC enforcement action with consent decree. Class action. Loss of a top-3 client. Premium triples at renewal.
Ranges are illustrative. For a personalized estimate calibrated to your revenue, headcount, and current controls, run the Cost-of-Getting-Hit calculator.
The duties you can't outsource
Pro-services-specific risk highlights
1. FTC Safeguards Rule (effective June 9, 2023) — written information security program, qualified individual, risk assessment, incident response plan, MFA, encryption
2. IRS Publication 4557 — Safeguarding Taxpayer Data: written data security plan required for all paid preparers regardless of firm size
3. GLBA — Gramm-Leach-Bliley applies to firms handling consumer financial data; the FTC Safeguards Rule is the practical implementation
4. State breach laws — every US state imposes notification duties; some (NY SHIELD, MA 201 CMR 17, CA CCPA/CPRA) impose ongoing program duties
5. Colorado AI Act overlay — applies if any AI you deploy makes consequential decisions affecting Colorado residents (effective February 2026)
What we actually do
What an EFROS engagement looks like for a pro-services firm
We start with a 10-day fixed-fee scoping engagement. We pull a firm-wide AI tool inventory — paid, free, shadow — and classify each tool by data-handling tier and risk. We audit your Microsoft 365 or Google Workspace tenant for the configuration choices that matter under the FTC Safeguards Rule: MFA enforcement, encryption, DLP, audit logging.
For tax practices we run an IRS Pub 4557 gap analysis and document what your written data security plan needs to contain. For consulting and agency firms we focus on client engagement letter language, AI usage policies, and the Microsoft Copilot or Workspace Gemini configurations that determine whether your productivity AI is safe for client work.
On retainer we run the operating model: quarterly AI tool review, annual FTC Safeguards Rule risk assessment, joiner/mover/leaver workflow with same-day account disable, MDM for laptops, a tabletop exercise every quarter, and a 1-page board-grade quarterly summary you can hand to your cyber-insurance broker at renewal.
Flat-fee retainer — typically $3,500-9,500 per month for trust-based services firms depending on headcount, AI surface, and regulatory profile (CPA + tax practices generally land higher). No per-ticket charges. No tool upsells. We run the program.
What these incidents actually look like
Related incident stories
Two patterns most often hit professional services firms: AI tool data exposure and BEC client fraud. Read how they played out.
Three ways to start
The calculator and quiz are anonymous and take under 5 minutes. The 20-minute call is a scoping conversation, not a sales pitch.