In response to the overwhelming number of attacks on tax professionals, the IRS convened its Security Summit to provide guidance to the industry on cyber security and data protection. Out of this year’s summit, the IRS and partners developed the “Taxes-Security-Together Checklist.”
All of the elements in the Checklist can be provided by our excellent Partners. We encourage you to use the summary below with your CPA clients:
Step 1: Deploy “Security Six” basic safeguards
Activate anti-virus softwareUse a firewall
Use two-factor authentication
Use backup software/services
Use drive encryption
Create and secure Virtual Private Networks
Step 2: Create a data security plan
Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data
Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures
Step 3: Educate and Test your organization on Phishing and Social Engineering
Train all employees on Phishing emails and Social Engineering risks
Test all employees to ensure safe data security behaviors
Educated employees are the key to avoiding phishing scams, and office systems are only as safe as the least informed employee
Step 4: Recognize the signs of client data theft
Train your organization to be alert for signs of data theft
Clients receive IRS letters about suspicious tax returns in their name.
More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
Clients receive tax transcripts they did not request.
Step 5: Create a data theft recovery plan including:
Contact the local IRS Stakeholder Liaison immediately.
Assist the IRS in protecting clients’ accounts.
Contract with a cybersecurity expert to help prevent and stop thefts.
At least two Indiana automotive plants were forced to stop work after a successful cyber attack on a key supplier. “The FBI is aware of a ransomware attack and the significant impact that the attack has had on certain companies in the state of Indiana."After receiving word of the