From the IRS
All tax professionals should take stock of security measures used to protect client data. Tax practitioners remain high-value targets of cyber-criminals seeking to steal sensitive tax information, so they can file fraudulent returns. Whether a one-person shop or partner in a large firm, everyone should take steps to protect their clients and their business.
To help, the IRS, state tax agencies and the tax industry partners who make up the Security Summit created a Taxes-Security-Together Checklist. The checklist is a guide to help tax professionals cover the basics of cybersecurity.
The Taxes-Security-Together Checklist
The checklist includes:
- Deploy the “Security Six” measures
- Activate anti-virus software
- Use a firewall
- Opt for two-factor authentication when it’s offered
- Use backup software/services
- Use drive encryption
- Create and secure Virtual Private Networks
- Create a data security plan
- Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data
- The requirement is flexible enough to fit any size of tax preparation, from small to large
- Tax preparers are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.
- Educate yourself on phishing scams
- Learn about spear phishing emails
- Beware of ransomware
- Recognize the signs of client data theft
- Clients receive IRS letters about suspicious tax returns in their name
- More returns filed with your Electronic Filing Identification Number than you submitted
- Clients receive tax transcripts they did not request
- Create a data theft recovery plan
- Contact local IRS stakeholder liaison immediately
- Assist IRS in protecting clients
- Contract with cybersecurity expert to stop thefts
For more details on these checklist items and how to implement them, see IRS Publication 4557, Safeguarding Taxpayer Data, and IRS Publication 5293, Data Security Resource Guide for Tax Professionals. Also, review Protect Your Client, Protect Yourself awareness campaigns: Don’t Take the Bait and Tax Security 101.