The Qualified Individual
The Qualified Individual
The Qualified Individual is a micro-podcast for managing partners at small and mid-sized CPA firms navigating data security compliance. Hosted by Daniel Chang, author of The Governance Gap, each 8-12 minute episode tackles multiple real issues: cyber insurance gaps, FTC Safeguards requirements, MSP oversight, access controls, and AI governance. Delivering practical, jargon-free guidance on what to do about it. Visit TheQualifiedIndividual.com
Autor
The Qualified Individual
Kategorie
Podcast-Website
Neueste Folge
15. Jun 2026
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Why 40% of Cyber Claims Get Denied 15.06.2026 10:10
Real data shows that 40% of cyber insurance claims face partial or complete denial. We break down why: control failures, misrepresentation on the application, exclusion triggers, and more. The underwriting questionnaire is a legal document. How to avoid becoming a denial statistic.
The Fake Vendor Your Insurance Won't Cover 08.06.2026 10:01
A common fraud scenario: attackers create fictitious vendor accounts, process small transactions to build trust, then process a large fraudulent transfer. The firm's insurance won't pay because the account isn't "owned" by the firm. Access control reviews and segregation of duties prevent this. Here's why it matters for FTC Safeguards compliance.
Five Questions to Ask Your MSP This Week 01.06.2026 10:56
If you're working with a Managed Service Provider, you should have clarity on five specific things: who your QI is, what risk assessments have been done, what reports partners receive, how breach response actually works, and how the MSP distinguishes between technical services and governance. These questions aren't adversarial — they're collaborative.
Your Staff Is Already Using AI. Now What? 25.05.2026 12:05
Your team is using ChatGPT and Copilot on client data — whether you've formally allowed it or not. These "shadow AI" flows create undocumented data pathways that compliance frameworks don't see. We talk about why prohibition doesn't work and what actual governance looks like.
What a $4 Million Breach Actually Costs a 15-Person Firm 18.05.2026 13:24
We break down the real numbers behind a breach at a small CPA firm — forensics, legal fees, notification costs, credit monitoring, lost business, and reputational damage. For a 15-person firm, this can be existential. Here's why governance is dramatically cheaper than recovery.
The Qualified Individual: Making It Actually Work 11.05.2026 12:51
You've named a Qualified Individual, but now what? We're diving into how to make the role functional, what you're actually documenting, how you're reporting to partners, and what quarterly governance looks like so that security stays on track and isn't just a compliance box to check.
The Microsoft 365 Coverage Gap Nobody Talks About 04.05.2026 14:35
Most CPA firms use Microsoft 365 for email and collaboration, and most firms assume they understand their data security there. But Microsoft's default settings leave significant gaps—particularly around shared mailboxes, file sharing, and recovery. We're breaking down what M365 does and doesn't do, and what controls your firm needs to add.
Tax Season Is Hacker Season 27.04.2026 12:46
Tax season brings volume, pressure, and fatigue—exactly when hackers strike. From phishing attacks targeting busy staff to stolen credentials accessing dormant systems, tax time is peak season for breaches. Here's how to prepare your firm's security culture and controls to survive the busiest time of year.
Why Your Biggest Clients Are About to Start Asking Questions 20.04.2026 11:14
Your largest clients are increasingly asking about your security practices—how you protect their data, what controls you have, whether you meet compliance standards. We're talking about what these client security questionnaires are really asking, why they're becoming standard, and what it means for your firm's compliance.
The Intern Who Still Has Access to Everything 14.04.2026 10:21
Offboarding is how most breaches actually start—not with external hackers, but with former employees or contractors who kept their access. We're talking about why access removal is harder than it sounds, what gets missed, and the framework for making sure that when someone leaves, their doors actually close.
Your MSP Isn't Your Security Program 23.03.2026 10:24
Many CPA firms rely on their Managed Service Provider for security. But an MSP handles servers and systems—not your security program. We're breaking down what an MSP does, what they don't do, and why your firm still needs a documented, independent security program even if your IT is completely outsourced.
What Happens in the First 48 Hours After a Breach 16.03.2026 8:17
When a breach happens, the first two days matter more than everything that comes after. You need to know: how to detect it, who to call first, what to preserve, and how to communicate both internally and with authorities. We're walking through the incident response framework and the practical steps that keep a small situation from becoming a firm-threatening crisis.
The One Person the FTC Says You Must Have 09.03.2026 9:08
The Safeguards Rule now requires you to designate a Qualified Individual to oversee your security program. Who should this person be? What do they actually need to do? And what happens if you don't have one? We're breaking down the role and how it works in practice at a small to mid-sized firm.
You're a Financial Institution (And You Probably Didn't Know It) 03.03.2026 11:28
The FTC classified CPA firms as financial institutions under the Safeguards Rule. What does that mean? It means new compliance obligations, specific security requirements, and if you get it wrong, substantial penalties. Here's what you need to know about the rule, how it applies to you, and what your first steps should be.
Your Cyber Insurance Might Not Pay. Here's Why. 01.03.2026 8:16
Most CPA firms think their cyber insurance will cover a breach. It won't—at least not the way they think it will. We're breaking down why policies deny claims, how sublimits shrink your actual coverage, and what you need to do before disaster strikes to make sure you're protected when it matters most.
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet