Data security is everyone’s business! September 2019 Tax News

The Internal Revenue Service recently issued their Tax Security 2.0 – A “Taxes Security Checklist” through a five-part weekly series of IRS news releases. Each of these news releases focuses on one step or component of data security. The five releases are summarized below with a link to each of the steps. Please take the time to click on each link and review the full list of steps provided by IRS.

This information is vital and while extensive, it is definitely worth taking the time to read through everything. But,it doesn’t stop there - we suggest comparing the recommended practices with what you currently have in place and make adjustments, if necessary.

The ‘Taxes-Security-Together’ Checklist

  1. Deploy the “Security Six” measures:  Step 1
    1. Activate anti-virus software.
    2. Use a firewall.
    3. Opt for two-factor authentication when it’s offered.
    4. Use backup software/services.
    5. Use Drive encryption.
    6. Create and secure Virtual Private Networks.
  2. Create a data security plan:  Step 2
    1. Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data. 
    2. The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large. 
    3. Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.
  3. Educate yourself and be alert to key email scams, a frequent risk area involving: Step 3
    1. Learn about spear phishing emails.
    2. Beware of ransomware.
  4. Recognize the signs of client data theft: Step 4
    1. Client e-filed returns begin to be rejected by the IRS or state tax agencies because returns with their Social Security numbers were already filed;
    2. Clients who haven’t filed tax returns begin to receive taxpayer authentication letters (5071C, 4883C, 5747C) from the IRS or a letter from FTB to confirm their identity for a submitted tax return.
    3. Clients who haven’t filed tax returns receive refunds.
    4. Clients receive tax transcripts that they did not request.
    5. Clients who created an IRS or FTB Online Services account receive a notice that their account was accessed or an IRS or FTB email stating their account has been disabled. Another variation: Clients unexpectedly receive an IRS or FTB notice that an online account was created in their name.
    6. The number of returns filed with the tax professional’s Electronic Filing Identification Number (EFIN) exceeds the number of clients.
    7. Tax professionals or clients responding to emails that the firm did not send.
    8. Network computers running slower than normal.
    9. Computer cursors moving or changing numbers without touching the keyboard.
    10. Network computers locking out employees.
  5. Create a data theft recovery plan including Step 5
    1. Contact the IRS, reporting the data theft to your local IRS Stakeholder Liaison. They will notify IRS Criminal Investigation and others within the agency.
    2. Contact the State Tax Agencies where you prepare returns. To help tax professionals find where to report data security incidents at the state level, the Federation of Tax Administrators has created a special email address as a contact point:
    3. Contact security experts and your insurance company.

All of the above are useful steps you can use to help keep your systems and client data secure. It’s definitely better to address any potential issues now, before a data breach occurs.