Important Information on the Recent Microsoft Exchange Server Vulnerabilities




Understanding the Risks

ERO Online Cyber Training & Cyber Risk Management:

ERO Cyber Security Risk Management Website provides Online risk management tools, procedures, and training to help policyholders and their workforce understand data security risk and how to best mitigate and prepare for a breach.
A policy holder has unlimited access to:

  • Online Compliance Materials

    Federal and state compliance materials regarding data Security, data breaches, and data privacy, including:

    • Quick Tips on many subjects; Summaries of federal/state laws
    • Links to statutes and regulations; Sample policies and procedures
  • Training Programs

    Including, but not limited to:

    • Webinars
    • Newsletters
    • Online training courses
    • Awareness bulletins and posters
  • Step-by-Step Procedures to reduce risk

    Procedures and online forms to help you:

    • Conduct risk assessment
    • Build incident response team & plan
    • Create IT culture around privacy & compliance
    • Train workforce on security procedures
  • Actions to take when a breach occurs

    Information you need to:

    • Comply with your state specific law regarding notification
    • Set your incident response plan into action
    • Report a data breach
Enroll Now Expert Advice

Understanding The Coverage

A Complete Solution | only $395.00/yr

We are offering a comprehensive cyber liability protection solution for professional tax preparers.
Our solution provides:

Multimedia Liability |
$100,000 Limit Per Claim and in the Aggregate

Coverage for claims alleging liability resulting from the dissemination of online or offline media material, including claims alleging copyright/trademark infringement, libel/slander, plagiarism, or personal injury.

Security & Privacy Liability |
$100,000 Limit Per Claim and in the Aggregate

Coverage for claims alleging liability resulting from a security breach or privacy breach, including claims alleging failure to safeguard personal information.

Privacy Regulatory Defense Penalties |
$100,000 Limit Per Claim and in the Aggregate

Coverage for regulatory fines and penalties and regulatory compensatory awards incurred in privacy regulatory proceedings/investigations brought by federal, state, local, or foreign governmental agencies.

PCI DSS Liability |
$100,000 Limit Per Claim and in the Aggregate

Coverage for assessments, fines, or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) or payment card company rules.

BrandGuard® |
$100,000 Limit Per Claim and in the Aggregate

Coverage for net profit incurred as a direct result of an adverse media report or breach notification following a security breach or privacy breach.

A 2-week waiting period applies.

Cyber Extortion |
$100,000 Limit Per Claim and in the Aggregate

Coverage for extortion expenses incurred and extortion monies paid as a direct result of a credible cyber extortion threat, including ransomware.

Breach Event Costs |
$100,000 Limit Per Claim and in the Aggregate

Coverage for reasonable and necessary mitigation costs and expenses incurred as a result of a privacy breach, security breach or adverse media report, such as legal expenses, proactive and reactive public relations expenses, IT forensic expenses, breach notification costs (including voluntary notification costs), and the cost to set up call centers and provide credit monitoring and identity theft assistance.

The Breach Event Costs Limit is in addition to, and will not reduce, the $100,000 Annual Aggregate Limit of Liability.

System Failure |
$100,000 Limit Per Claim and in the Aggregate

Coverage for (1) reasonable and necessary amounts incurred to recover and/or replace electronic data that is compromised, damaged, lost, erased, corrupted or stolen and (2) business income loss and interruption expenses incurred due to an unplanned outage, interruption, failure, suspension, or degradation of service of an insured computer system, including any such incident caused by a hacking attack.)

An 8-hour waiting period applies to Business Interruption coverage.

Dependent System Failure |
$100,000 Limit Per Claim and in the Aggregate

Covers income loss and interruption expenses incurred in the event that the computer system of an IT service provider or business process outsourcing provider goes down.

A 12-hour waiting period applies to Business Interruption coverage.

The coverages listed above are limited to $100,000 per claim and in the aggregate. ERO cyber security insurance has a maximum annual aggregate limit of $200,000.

Enroll Now The Providers The Timeline


ERO Cyber Security insurance is being offered as a unique benefit to American Advantage Association members. The insurance is underwritten by Tokio Marine HCC - Cyber & Professional Lines Group and secured by Houston Casualty Company. Claims will be handled by Tokio Marine HCC - Cyber & Professional Lines Group, based in Los Angeles, CA.

Introducing our higher limit options

In addition to the base options you can apply for higher amounts of coverage

As explained above, we have thoughtfully designed our ERO Cyber Security base plan to be a comprehensive cyber liability solution for the majority of our tax professional clients. It’s our goal to continue to find ways to keep you, your employees and your business feeling protected and prepared. For offices that feel they need more coverage than what is provided in our standard Base Program we, in partnership with Tokio Marine HCC - Cyber & Professional Lines Group, offer 3 higher limit options in addition to your base coverage.

To learn if you qualify for one of our higher limit options, please read our program qualifications. Use the buttons below to learn more about the higher limit options we offer. To apply for a higher limit option, download the application here and email the completed application to, steve@taxprotectionplus.com. If you have any questions, please call 855-406-5527.

$250,000
Aggregate Limit
$500,000
Aggregate Limit
$1,000,000
Aggregate Limit


Tokio Marine HCC is a leading specialty insurance group with offices in the United States, Mexico, the United Kingdom and continental Europe, transacting business in approximately 180 countries and underwriting more than 100 classes of specialty insurance.

For over 30 years, the American Advantage Association has been committed to working with member companies in identifying enhanced administrative processes, staying current on regulatory issues, developing customer affinity solutions and product enhancements.

With over 10,000 tax professional members, we have a keen understanding of the issues impacting the professional tax preparation industry. In response to the growing number of data breach incidents, warnings issued by the IRS and concerns expressed by our professional tax preparer members, we developed this cyber security solution specifically for professional tax preparers.

Even if you do not experience a data breach, as an Organization Member of the American Advantage Association, your tax business will receive access to free and discounted small business legal services through Legal Club of America. These services address nearly any legal business matter you may confront.

When a breach occurs

Timeline of Events

  • DISCOVERY OF A BREACH

    Report Incident

  • EVALUATION OF THE BREACH

    Legal review and forensic investigation.

  • MANAGING THE SHORT-TERM CRISIS

    Notification and credit monitoring

    Data recovery and business interruption expenses

    Public relations

  • HANDLING THE LONG-TERM CONSEQUENCES

    Class-Action Lawsuit

    Regulatory Fines

    Pentalies & Consumer Redress

    Reputational Damage

    Income Loss

GET PROTECTED NOW

Sign Up Now

How did we get here

Building the Solution

In response to the growing number of data breach incidents, warnings issued by the IRS and concerns expressed by our over 10,000 professional tax preparer members, the American Advantage Association set out to offer a cyber security solution designed specifically for professional tax preparers.

Contact Us

Phone:
855-406-5527

Address:
P.O Box 24279
Winston-Salem, NC 27114

ERO Cyber Security insurance is being offered as a unique benefit to American Advantage Association members. The insurance is underwritten by Tokio Marine HCC - Cyber & Professional Lines Group and secured by Houston Casualty Company. Claims will be handled by Tokio Marine HCC - Cyber & Professional Lines Group, based in Los Angeles, CA. Tax protection Plus is making these Insurance products available through a relationship with Trupoint Marketing, LLC. (Trupoint), a licensed insurance producer and surplus lines broker, (Cal. license #OL63042 ) acting on behalf of a number of unaffiliated insurance companies. Insurance products offered through Trupoint may not be available in all states.

AAA Terms & Conditions Privacy Policy

MULTIMEDIA LIABILITY COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will pay:

  • Damages which an insured becomes legally obligated to pay; and
  • Defense costs,resulting from a claim for an actual or alleged multimedia peril, provided that:
    • Such claim is first made against the insured during the POLICY period;
    • The insured reports such claim in writing to the Company no later than sixty (60) days after the claim is first made against the insured; and
    • The multimedia peril takes place or first commences on or after the prior acts date.

SECURITY AND PRIVACY LIABILITY COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will pay:

  • Damages which an insured becomes legally obligated to pay; and
  • Defense costs, resulting from a claim for an actual or alleged security and privacy wrongful act, provided that:
    • Such claim is first made against the insured during the POLICY period;
    • The insured reports such claim in writing to the Company no later than sixty (60) days after the claim is first made against the insured; and
    • The security and privacy wrongful act takes place or first commences on or after the prior acts date.

PRIVACY REGULATORY DEFENSE AND PENALTIES COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will pay:

  • Regulatory fines and penalties and/or any regulatory compensatory award which an insured becomes legally obligated to pay; and
  • Defense costs, directly resulting from a claim for an actual or alleged security breach or privacy breach, provided that:
    • Such claim is first made against the insured during the POLICY period;
    • The insured reports such claim in writing to the Company no later than sixty (60) days after the claim is first made against the insured; and
    • The security breach or privacy breach takes place or first commences on or after the prior acts date.

PRIVACY BREACH RESPONSE COSTS, NOTIFICATION EXPENSES, AND CUSTOMER SUPPORT AND CREDIT MONITORING EXPENSES COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will pay reasonable privacy breach response costs, notification expenses, and/or customer support and credit monitoring expenses which you incur during the POLICY period as a direct result of an adverse media report, security breach or privacy breach, provided that:

  • The adverse media report, security breach or privacy breach takes place or first commences on or after the prior acts date; and
  • You report the adverse media report, security breach or privacy breach in writing to the Company during the POLICY period and no later than 60 days after the date an insured first discovers the adverse media report, security breach or privacy breach.

BRANDGUARD COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will reimburse you for your provable and ascertainable brand loss, which you sustain during the period of indemnity, but after the waiting period, as a direct result of an adverse media report or notification, provided that:

  • The adverse media report or notification results from a privacy breach or security breach that takes place or first commences on or after the prior acts date;
  • You report the brand loss in writing to the Company during the POLICY period and no later than 60 days after the date you first discover the actual or potential brand loss; and
  • You provide clear evidence that the brand loss directly resulted from the adverse media report or notification.

NETWORK ASSET PROTECTION COVERAGE

  • Loss of Digital Assests

    • Subject to the limits of liability and retention specified in the Schedule, the Company will reimburse you for digital assets loss and/or special expenses which you incur during the POLICY period as a direct result of damage, alteration, corruption, distortion, theft, misuse, or destruction of digital assets, provided that:

    • Such damage, alteration, corruption, distortion, theft, misuse, or destruction of digital assets is directly caused by a covered cause of loss takes place or first commences on or after the prior acts date;
    • You report the covered cause of loss in writing to the Company during the POLICY period and no later than 60 days after the date an insured first discovers the covered cause of loss; and
    • You provide clear evidence that the digital assets loss and/or special expenses directly resulted from the covered cause of loss.

      • The Company will pay digital assets loss and/or special expenses for a period of up to twelve (12) months following the discovery of the damage, alteration, corruption, distortion, theft, misuse, or destruction of digital assets.

  • Non-Physical Business Interruption and Extra Expense

    • Subject to the limits of liability and retention specified in the Schedule, the Company will reimburse you for income loss, interruption expenses and/or special expenses which you incur during the period of restoration, but after the waiting period, as a direct result of a total or partial interruption, degradation in service or failure of an insured computer system, provided that:

    • Such total or partial interruption, degradation in service or failure of the insured computer system is directly caused by a covered cause of loss that takes place or first commences on or after the prior acts date;
    • You report the covered cause of loss in writing to the Company during the POLICY period and no later than 60 days after the date an insured first discovers the covered cause of loss; and
    • You provide clear evidence that the income loss, interruption expenses and/or special expenses directly resulted from the covered cause of loss.

CYBER EXTORTION COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will reimburse you for cyber extortion expenses and/or cyber extortion monies that you pay as a direct result of a cyber extortion threat, including a demand for cyber extortion monies, provided that:

  • Such cyber extortion threat is first made against an insured on or after the prior acts date;
  • You report the cyber extortion threat in writing to the Company during the POLICY period and no later than 60 days after the date the cyber extortion threat is made against an insured; and
  • You provide clear evidence that the cyber extortion expenses and/or cyber extortion monies directly resulted from the cyber extortion threat.

    • Cyber extortion expenses and/or cyber extortion monies shall not be paid without the Company’s prior consultation and written authorization. You must make every reasonable effort to notify local law enforcement authorities and the Federal Bureau of Investigation, or similar equivalent foreign agency, before surrendering any cyber extortion monies in response to a cyber extortion threat.

CYBER TERRORISM COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will reimburse you for income loss, interruption expenses, and/or special expenses which you incur during the period of restoration, but after the waiting period, as a direct result of a total or partial interruption, degradation in service, or failure of an insured computer system, provided that:

  • Such total or partial interruption, degradation in service, or failure of the insured computer system is directly caused by an act of cyber terrorism that takes place or first commences on or after the prior acts date;
  • You report the act of cyber terrorism in writing to the Company during the POLICY period and no later than 60 days after the date an insured first discovers the act of cyber terrorism; and
  • You provide clear evidence that the income loss, interruption expenses and/or special expenses directly resulted from the act of cyber terrorism.

PCI DSS ASSESSMENT COVERAGE

Subject to the limits of liability and retention specified in the Schedule, the Company will pay:

  • A PCI DSS assessment which an insured becomes legally obligated to pay; and
  • Defense costs, Resulting from a claim for an actual or alleged security breach or privacy breach, provided that:
  • Such claim is first made against the insured during the POLICY period;
  • The insured reports the claim in writing to the Company no later than sixty (60) days after the claim is first made against the insured; and
  • The security breach or privacy breach takes places or first commences on or after the prior acts date.

Free Legal Services*

The following nine services are available at no charge from your plan attorney.

  • Unlimited initial phone consultations during business hours for new legal matters
  • Attorney will review as many as 5 independent documents each quarter. These include business documents, contracts, signed or unsigned, up to 10 pages each.
  • Initial telephone calls made on behalf of your business if deemed appropriate by your plan attorney (two per month). Follow up calls are made at the guaranteed low hourly rate.
  • Initial letters written on behalf of your business if deemed appropriate by your plan attorney. Three per month for new subjects; follow up letters are written at the guaranteed low hourly rate.
  • Initial collection letters are limited to 10 per quarter. More than 10, and any follow up letters, are written at the guaranteed low hourly rate or at the contingency fee percentage, depending upon what you and your plan attorney decide.
  • One on one consultations for each new legal matter. Thirty minute time limit per subject matter. Time over the 30 minutes per subject will be at the guaranteed low hourly rate.
  • Registered Agent for your business in the state in which you are incorporated as well as other states where you do business.

*In certain situations, attorney liability may require plan attorneys to ask for a retainer from the member prior to providing some of the free legal services.

Guaranteed Low Hourly Rates*

Plan attorneys have contracted to charge no more than $125.00 per hour, or 40% off their usual and customary hourly rate, whichever is greater, for legal care that goes beyond the free and discounted services.

Retainers*

In the case of extended legal care, plan attorneys may ask you for a retainer. Any retainer sought will be computed by multiplying the number of hours a plan attorney believes a case will take, by the appropriate discounted hourly plan rate. For instance, 10 hours x $125.00 = a retainer of $1,250. Any unused portion of the retainer will be returned to the member.

*Court costs, filing fees and time charged for travel to and from any courts are additional.

Contingency Fee Discounts*

Attorneys often work on a contingency fee basis on such cases as personal injury and collections. This fee is usually expressed as a percentage of the amount collected or awarded. In collection matters, your attorney will accept 18% if the case is settled before formal court proceedings begin. After proceedings begin, the fee is 27%. On all other contingency matters there is a 10% discount on the lower of either the state maximum or the attorney’s standard rate.

*Court costs, filing fees and time charged for travel to and from any courts are additional.

We are sorry

Based on the answers to these questions, you do not qualify for this coverage.

Over 30,000 organizations have been affected by the recent Microsoft Exchange Server vulnerability announced last week. Experts have learned that, after accessing the victim’s environment, criminals leave behind a web shell or back door, a hacking tool that can be used by the criminal to subsequently access the same environment. Critically, the criminal’s web shell remains even after the Exchange Server is patched with the latest Microsoft updates. Therefore, all Exchange servers should be inspected for signs of unauthorized access and any web shells must be removed.

Here’s what you need to do.

STEP ONE: Patch first!

All Exchange servers should be patched immediately to address the four identified vulnerabilities.

STEP TWO: Investigate whether you’ve been compromised

Review Microsoft’s advice and download the Microsoft Safety Scanner (a Microsoft-developed scan tool), launch the program, agree to the license agreements, and click the “Full scan” option. This tool will automatically delete any detected files and not quarantine them. Once the scan is complete, the tool will report the deleted files. When done using the scanner, uninstall the tool simply by deleting the msert.exe executable. Importantly, this tool is only used to spot scans and should NOT be relied upon as an antivirus program.

Eligibility

This program has been developed for professional tax preparers and is not intended for accounting practices performing comprehensive financial services beyond professional tax preparation. Before proceeding, please respond to the following questions:

Yes No
Yes No
Yes No
Am I Eligibile

Eligibility

This program is intended to cover 1 Electronic Filing Identification Number (EFIN) per enrolled business. A separate enrollment is required for each EFIN.

This program is not available to:

  • Businesses earning more than $5 million per year
  • Businesses who have filed an insurance claim for a data breach or have knowledge of a breach of their data in the past 5 years
  • Businesses who are not using security software such as anti-virus and anti-malware software

Please click below to confirm these do not apply to your business. (misrepresentations will result in a denial of protection and services)

Eligibility

This program is intended to cover 1 Electronic Filing Identification Number (EFIN) per enrolled business. A separate enrollment is required for each EFIN.

This program is not available to:

  • Businesses earning more than $5 million per year
  • Businesses who have filed an insurance claim for a data breach or have knowledge of a breach of their data in the past 5 years
  • Businesses who are not using security software such as anti-virus and anti-malware software

Please click below to confirm these do not apply to your business. (misrepresentations will result in a denial of protection and services)

We're Sorry

This program is not accepting new enrollments at this time.

Watch Our Video

Higher Limit Options – Program Qualifications

  • Applicant must be an enrolled member in good standing with our standard ERO Cyber Security base program issued through the American Advantage Association;
  • Applicant must be an electronic return originator with maximum annual revenues of $10,000,000.00;
  • Applicant must not have experienced any related claims/incidents in the last 3 years;
  • Applicant must have a firewall and anti-virus system in place;
  • Applicant must use two-factor authentication to secure remote access to its email accounts;
  • Applicant must use two-factor authentication to secure all remote access to its network, including Remote Desktop Protocol (RDP) and/or Remote Desktop Gateway (RDG); and
  • Applicant must use a data backup solution for all critical data.

Coverage cannot be bound under this program for Applicants who do not meet the program qualifications; however, such Applicants can be considered for coverage outside the program.

Loading