IRS - Taxes. Security. Together.
In response to the overwhelming number of attacks on tax professionals, the IRS convened its Security Summit to provide guidance to the industry on cyber security and data protection. Out of this year’s summit, the IRS and partners developed the “Taxes-Security-Together Checklist.”
All of the elements in the Checklist can be provided by our excellent Partners. We encourage you to use the summary below with your CPA clients:
Step 1: Deploy “Security Six” basic safeguards
- Activate anti-virus software
- Use a firewall
- Use two-factor authentication
- Use backup software/services
- Use drive encryption
- Create and secure Virtual Private Networks
Step 2: Create a data security plan
- Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data
- Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures
Step 3: Educate and Test your organization on Phishing and Social Engineering
- Train all employees on Phishing emails and Social Engineering risks
- Test all employees to ensure safe data security behaviors
- Educated employees are the key to avoiding phishing scams, and office systems are only as safe as the least informed employee
Step 4: Recognize the signs of client data theft
- Train your organization to be alert for signs of data theft
- Clients receive IRS letters about suspicious tax returns in their name.
- More tax returns are filed with a practitioner’s Electronic Filing Identification Number than the practitioner submitted.
- Clients receive tax transcripts they did not request.
Step 5: Create a data theft recovery plan including:
- Contact the local IRS Stakeholder Liaison immediately.
- Assist the IRS in protecting clients’ accounts.
- Contract with a cybersecurity expert to help prevent and stop thefts.
Ready to learn more? Connect with us here!
Links to the IRS pages:
Step 1 - Deploy “Security-Six”
Step 2 - Create a data security plan
Step 3 - Educate and Test on Phishing and Social Engineering
Step 4 - Be alert for signs of data theft
Step 5 - Create a data theft recovery plan