Safeguarding taxpayer data is one of the top priorities for the IRS. As more tax professionals are working virtually during COVID-19, the Internal Revenue Service (IRS) and Security Summit partners urged tax professionals across U.S.A. to circulate a written data security plan to safeguard their and clients’ data from cyber intruders.
About the Security Summit:
The IRS, state tax agencies, the private-sector tax industry, the tax community including tax preparation firms, software developers, payroll and tax financial product processors and financial institutions work in partnership under security summit banner to fight back against cybercriminals.
The Security Summit Members are organized into six different work groups, each group addresses an area of need which is led by co-lead from the IRS, states and industry. Six Work Groups:
- Authentication Work Group: The members are responsible for identifying ways to validate and verify taxpayers and return information.
- Financial Services Work Group: They are accountable to analyze ways in which tax data can be prevented from cyber criminals.
- Information Sharing Work Group: They are liable to protect the taxpayers’ data by detecting and debarring Identity theft tax refund fraud.
- Strategic Threat Assessment and Response (STAR) Work Group: They examine entire tax ecosystem, recognize potential threats and make a strategy to alleviate potential threats.
- Communication and Taxpayer Awareness Work Group: They are mainly responsible to make individuals, businesses and tax professionals aware about protecting sensitive tax and financial information.
- Tax Professional Work Group: They examine how new requirements affect tax preparers who use professional software and help them in preventing identity theft tax refund fraud.
Basic Security Steps to protect your clients and business:
Below are some of the basic security steps that tax professionals should follow and observe to make their clients’ data and their businesses safer.
- Identify phishing emails, especially those claiming to be from the IRS, e-Services, a tax software provider or cloud storage provider.
Review internal controls:
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones)
- Create strong passwords of 8 or more characters
- Encrypt all sensitive files/emails
- Take a back up of sensitive data to a safe and secure external source that is not connected fulltime to a network
- Check IRS e-Services account on weekly basis for number of returns filed with EFIN
Create a Data Theft Response Plan & Report to the IRS:
In case a client or the firm are the victim of data theft, they should immediately take below actions:
- Contact the IRS and law enforcement: Once the data theft is reported, the IRS further reports it to local stakeholder liaison. It is further directed to Federal Bureau of Investigation if the IRS directs so, further notified to Secret Service and at last report for breach of data is filed to Local police.
- Contact states in which you prepare state returns: One can report about data theft to the Federation of Tax Administrators at [email protected]. Further some states require that State Attorney General should be notified of data breaches.
Lastly, the Security Summit initiative by the IRS highlights the basic security steps for all professionals and practitioners, especially those working remotely in response to COVID-19 and as per that just by staying vigilant for potential threats and following security steps can safeguard and prevent from unexpected cyber threats and losses.