4 Data Security Tips for Tax Professionals
By Isaac M. O’Bannon, Managing Editor
Tax professionals fall victim to identity theft, too. In recent years, hundreds of tax professionals experienced data thefts or breaches that exposed their clients’ personal information to cybercriminals and to tax-related identity theft. As cybercriminals increasingly target this data, the IRS and its Security Summit partners are sharing lessons learned by tax pros to help others avoid being targeted by identity thieves.
They recently shared tips and actions they wish they had taken to safeguard their customers and their businesses. These suggestions, pulled anonymously from victimized professionals, offer an opportunity to learn from these common mistakes and avoid a devastating breach of their client and business data.
Although the Security Summit — a partnership between the IRS, states and the private-sector tax community — is making progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices is on the rise. Thieves use stolen data from tax practitioners to create fraudulent returns that can be harder to detect and harder to distinguish from legitimate taxpayer returns.
Lesson 1: Get cyber insurance coverage
A common refrain from tax professionals who have been victimized by cybercriminals is they either were glad they had – or wish they had – insurance coverage for data loss.
Many tax professionals maintain business policies that may cover property and liability, but it may not fully coverage data thefts. Tax professionals victimized by these crimes recommend they also explore cyber coverage for data breaches. This may require an addendum or rider to the policy. Practitioners also suggest that that the dollar amount of the policy be large enough to cover expenses.
Some insurance companies provide teams of experts in the event of a data theft, assisting tax professionals in identifying the source of the data breach and resolving it. These teams may also help notify clients or provide extended protections. Just as important, these teams of experts may assist tax professionals proactively, helping make sure adequate safeguards are in place to prevent a data theft.
Another recommendation: If using cloud storage, ask the cloud service provider about cyber insurance coverage in case the provider’s systems are breached.
Lesson 2: Password protect each client account
Many tax software products also enable tax professionals to password protect each client account. Tax professionals who have experienced data thefts acknowledge that this can be a hassle, but worth the trouble should they experience a breach. They suggest password-protecting every account as a critical safeguard against cyberthieves.
Strong passwords can help prevent cybercriminals from accessing computer systems and accounts. Passwords should be eight characters or longer, a mix of letters, special characters and numbers, include an easy to remember phrase and be unique for each account.
See Protect Your Clients, Protect Yourself: Tax Security 101 for more information on passwords and encryption.
Lesson 3: Use a virtual private network (VPN) for remote connections
Tax professionals who have been victimized also wish they had used a virtual private network (VPN) instead of remote access software. A VPN allows for teleworkers or branch offices to securely connect to the firm’s computer system and to send and receive information.
There have been cases where cybercriminals have taken over remote access of a tax professionals’ computer systems. In one example, the thieves remotely accessed client accounts via the tax pro’s computer, completed and e-filed pending returns and changed the deposit information to their own accounts.
Technology media often provide lists of top VPN services.
Lesson 4: Keep all security software updated
Tax professionals who experienced data thefts also suggest colleagues keep all security software up to date. This includes the computer operating system, anti-malware, anti-virus software, firewalls, etc. While most computers come with security software installed, tax professionals also can purchase additional security software products.
Updated software helps protect users from emerging threats that can lead to data thefts. Users can set the security software to update automatically.
In addition to these steps, the Security Summit reminds all professional tax preparers that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Tax Professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.
This is the fifth in a series called “Protect Your Clients; Protect Yourself: Tax Security 101.” (https://bit.ly/2Mmj2Rq)
Top Tax Social Media:
IRS Deals Blow to SALT Deduction Cap Workarounds. Tax Foundation.
New Pass-Through Rules Could Add $1.3 Billion in Compliance Costs. Forbes.
Confessions of a Young Tax Practitioner. AICPA Insights.
IRS Changes Compliance Assurance Process Program. CCHTaxGroup Blog.
4 Ways Tax Pros Can Boost Their Social Media Presence. Canopy blog.
Top Tax News:
Traffic Stop Leads to $580,000 Tax Fraud Case. A strong odor of marijuana led deputies to search the car, where they found multiple credit cards, three laptop computers and more.
Combat Zone Contract Workers Qualify for Foreign Earned Income Exclusion. The Bipartisan Budget Act of 2018 applies for tax year 2018 and subsequent years.
IRS Says Tax Pros Need to Protect Their EFINs, PTINs and CAFs. Cybercriminals sometimes post stolen EFINs, PTINs and CAF numbers on the Dark Web as a crime kit for identity thieves.
The Downsides of Property Tax Caps. Property tax caps may be hampering municipalities’ ability to fund basic services and are exacerbating inequality.
Nonprofits Uncertain of New Tax Law Changes. The new tax law could result in a decrease in annual giving anywhere between $13 billion and $20 billion.
See inside September 2018
September 2018 Firm Management Channel
Building a World-Class Marketing Culture in Your Firm – Part II This article continues the series on creating a world-class marketing culture in your firm. In Part 1, we explored the definition of marketing and its centrality in the life of a firm. In Part 2, we examine the firm’s brand—what it is, what it […]
September 2018 Accounting and Audit Channel
Role of Financial Leaders Continues to Expand By Isaac M. O’Bannon, Managing Editor Financial leaders continue breaking the mold and expanding their influence throughout their organizations. In a Robert Half Management Resources survey, finance executives most frequently reported their roles have grown over the past three years to include more human resources (39 percent) and […]