GruntWorx Featured Post

IRS Releases Tax Security Checklist

Developing a data security plan can be intimidating, whether you’re new to data security or simply worry about developing a plan for the whole firm. After all, it’s one thing to download security software for your personal computer and another to try to secure your office network. Unfortunately, there’s another wrinkle for tax professionals: By law, you are required to develop a written security plan.

According to the FTC website, the Safeguards Rule requires “financial institutions … protect the consumer information they collect.” Under the “Who Must Comply?” section, the agency explicitly notes that this rule “includes many businesses that may not normally describe themselves that way.” Guess who Safeguards applies to? That’s right, “professional tax preparers.”

When it comes to tax-related identity theft, criminals use that information to defraud the US Treasury—to the tune of millions of dollars. That prompted the creation of the Security Summit, a partnership between private and government members of the tax industry. Luckily for everyone trying to create an office security plan, one of the Summit’s outreach campaigns—“Taxes-Security-Together”—produced a data security checklist.

What’s in the “Taxes-Security-Together” data-security checklist?

The IRS press release including the “Taxes-Security-Together” checklist emphasized how important it is for paid tax return preparers to have a data plan in place. The sheer number and evolving nature of phishing scams point to how valuable that data is, and it’s a reminder of why everyone should do all they can to protect it.

Without further ado, here’s the full checklist provided by the IRS:

Deploy the “Security Six” measures:

  • Activate anti-virus software.
  • Use a firewall.
  • Opt for two-factor authentication when it’s offered.
  • Use backup software/services.
  • Use drive encryption.
  • Create and secure Virtual Private Networks.

Create a data security plan:

  • Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data.
  • The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large.
  • Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.

Educate yourself and be alert to key email scams, a frequent risk area involving:

  • Learn about spear phishing emails.
  • Beware ransomware.

Recognize the signs of client data theft:

  • Clients receive IRS letters about suspicious tax returns in their name.
  • More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
  • Clients receive tax transcripts they did not request.

Create a data theft recovery plan including:

  • Contact the local IRS Stakeholder Liaison immediately.
  • Assist the IRS in protecting clients’ accounts.
  • Contract with a cybersecurity expert to help prevent and stop thefts.

For those who want to take a more comprehensive approach to developing their data-security plan, the IRS release also included links to the “Protect Your Clients, Protect Yourself: Tax Security 101” campaign; Publication 4557, Safeguarding Taxpayer Data; Publication 5293, Data Security Resource Guide for Tax Professionals; and the National Institute of Standards and Technology’s “Small Business Information Security: the Fundamentals.”

Sources: Financial Institutions and Customer Information: Complying with the Safeguards Rule; IR-2019-122
