Cybercrime has plagued the financial services industry – and specifically, tax payers – for years. But thanks to continued efforts by cybersecurity leaders and tax professionals, it has been getting better.
In fact, over the course of three years from 2015 to 2018, identity theft reported among tax payers dropped an astounding 71 percent and confirmed identity theft returns stopped by the IRS dropped 54 percent.
But this is no time to rest on your laurels.
Regardless of how effective recent cybersecurity efforts have been, members of the IRS, state tax agencies and other tax professionals are continuing to encourage everyone to work even harder to prevent further damage. To help, they’ve developed a vital resource – the “Taxes-Security-Together” Checklist.
In this article, we’ll answer the following questions about the “Taxes-Security-Together” Checklist:
- What Is The “Taxes-Security-Together” Checklist?
- What Is Included On The “Taxes-Security-Together” Checklist?
- Deploy the “Security Six” measures.
- Create a data security plan.
- Educate yourself and be alert to key email scams, a frequent risk area involving.
- Recognize the signs of client data theft.
- Create a data theft recovery plan including.
- How Can You Implement The “Taxes-Security-Together” Checklist?
What Is The “Taxes-Security-Together” Checklist?
This checklist — developed in partnership between the IRS, states and private tax sector community, known as the Security Summit – details clearly defined steps that tax professionals can follow to mitigate known cybercrime threats.
“The IRS, the states and the private-sector tax industry have taken major steps to protect taxpayers and their data,” said IRS Commissioner Chuck Rettig in a press release. “But a major risk remains, regardless of whether you are the sole tax practitioner in your office or part of a multi-partner accounting firm. To help with this, we assembled a security checklist to assist the tax community. We hope tax professionals will use our checklist as a starting point to do everything necessary to protect their client’s data.”
What Is Included On The “Taxes-Security-Together” Checklist?
The “Taxes-Security-Together” Checklist is broken into 5 main steps:
- Deploy the “Security Six” measures:
- Activate anti-virus software.
- Use a firewall.
- Opt for two-factor authentication when it’s offered.
- Use backup software/services.
- Use Drive encryption.
- Create and secure Virtual Private Networks.
- Create a data security plan:
- Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data.
- The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large.
- Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.
- Educate yourself and be alert to key email scams, a frequent risk area involving:
- Learn about spear-phishing emails.
- Beware ransomware.
- Recognize the signs of client data theft:
- Clients receive IRS letters about suspicious tax returns in their name.
- More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
- Clients receive tax transcripts they did not request.
- Create a data theft recovery plan including:
- Contact the local IRS Stakeholder Liaison immediately.
- Assist the IRS in protecting clients’ accounts.
- Contract with a cybersecurity expert to help prevent and stop thefts.
How Can You Implement The “Taxes-Security-Together” Checklist?
When it comes to protecting against the ongoing, evolving cybersecurity threats in play today, managing cybersecurity is, understandably, a tall order.
In order for you to implement the whole of this checklist and effectively fill the role of an IT company, you would need…
- The knowledge of how to select, install, manage and maintain increasingly complex IT security systems. Do you have that kind of know-how?
- The time to both maintain systems on an ongoing basis and respond to events as they occur. If you can’t afford to make IT your full-time job, then do you think you can stay on top of it?
- The resources to learn what you and your staff need to know about modern cybercrime methodology, test that knowledge, and update it on a regular basis. Do you know where to find that info? Do you have the time for that kind of cybercrime “curriculum”?
Managing your cybersecurity means you need to take a holistic approach, incorporating and considering every aspect of a truly secure environment.
However, that may be beyond the scope of many business leaders…
Additional Resources for Tax Professionals
Publication 5293, Data Security Resource Guide for Tax Professionals provides a compilation of data theft information available on IRS.gov.
“The Data Security Resource Guide for Tax Professionals is intended to provide a basic understanding of minimal steps to protect client data. All tax professionals are encouraged to work with cybersecurity professionals to ensure secure systems. Protecting taxpayer data from theft and disclosure is your responsibility.”
Are You Unsure About How To Implement The “Taxes-Security-Together” Checklist?
That’s understandable. You may not have the time or resources on staff to handle each and every step in an effective manner. The good news is, you don’t have to handle it on your own.
It’s recommended that you instead outsource their cybersecurity management tasks to a more capable, more available IT company like Kraft Technology Group. Doing so will also guarantee a level of quality and consistency in management and maintenance of your cybersecurity technologies and best practices that can’t be achieved by you or someone on your staff trying to manage it all on their own.
Like this blog? Check out the following articles to learn more:
Using Faceapp Could Be Risky – Find Out Why Before You Do
15 Tips For Protecting Your Privacy on Windows 10
Protect Your Medical Practice Against Cyber Attack
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.