IRS Launches Data Theft Awareness Campaign Aimed at Tax Pros

By:
Chris Gaetano
Published Date:
Jul 6, 2016
tech


The IRS, in partnership with state tax agencies and private sector tax preparers, has launched a new campaign intended to increase awareness among tax professionals of the threat data theft poses to them and their clients, and the steps they can take to prevent it. Called "Taxes. Security. Together." the campaign will provide fact sheets and tips on security, scams and identity theft protection measures aimed at tax professionals.

“We have more than 700,000 tax preparers in this country, with many of those taking good security precautions,” said IRS Commissioner John Koskinen. “But cybercriminals are continuing to evolve, using new technology, ruses and scams. The tax community handles large volumes of sensitive personal and financial information. We need every tax professional to stay on top of their security to protect taxpayers as well as their businesses.”

The first of these fact sheets, Fact Sheet 2016-23, “Tax Professionals: Protect Your Clients; Protect Yourself from Identity Theft,”  notes that tax preparers are increasingly the targets of cyber attacks, and reminds professionals that they have a legal obligation to safeguard their clients' data. The fact sheet lays out critical steps that preparers should take to best guard themselves against the possibility of a data breach. 

Critical Steps:

 * Assure that taxpayer data, including data left on hardware and media, is never left unsecured

  * Securely dispose of taxpayer information

  * Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs

 *  Require periodic password changes every 60 – 90 days

 *  Store taxpayer data in secure systems and encrypt information when transmitting across networks

 *  Ensure that e-mail being sent or received, that contains taxpayer data, is encrypted and secure

 *  Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only

 *  Use caution when allowing or granting remote access to internal networks containing sensitive data

 *  Terminate access to taxpayer information for anyone who is no longer employed by your business

 *  Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data

 *  Provide periodic training to update staff members on any changes and ensure compliance

 *  Protect your facilities from unauthorized access and potential dangers

 * Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft

In addition to these steps, the IRS also recommended completing a risk assessment to identify risk and potential impacts of unauthorized access, writing (and following) an information security plan, and considering performing background checks and screen individuals before granting access to taxpayer information. 

The IRS said that putting safeguards in place to protect taxpayer data helps prevent fraud and identity theft and enhances customer confidence and trust. Steps that can be taken include: 

* Preserve the confidentiality and privacy of taxpayer data by restricting access and disclosure 

* Protect the integrity of taxpayer data by preventing improper or unauthorized modification or destruction; and

* Maintain the availability of taxpayer data by providing timely and reliable access and data recovery.

Click here to see more of the latest news from the NYSSCPA.