The IRS Security Summit, consisting of the IRS, state tax agencies and the private-sector tax industry, has released a warning to tax preparers that they increasingly are targets of cybercriminals and should take appropriate steps to protect clients from data theft.
IRS also posted Fact Sheet 2016-23 to help tax professionals get started with safeguards to protect clients’ data. It’s the first in a series of fact sheets and tips on security, scams and identity theft prevention measures aimed at tax professionals. The “Protect Your Clients; Protect Yourself” campaign is intended to raise awareness among tax professionals on their responsibilities and the common sense steps they can take to protect their clients from identity theft and to protect their businesses.
“We have more than 700,000 tax preparers in this country, with many of those taking good security precautions,” said IRS Commissioner John Koskinen. “But cybercriminals are continuing to evolve, using new technology, ruses and scams. The tax community handles large volumes of sensitive personal and financial information. We need every tax professional to stay on top of their security to protect taxpayers as well as their businesses.”
Fact Sheet 2016-23, “Tax Professionals: Protect Your Clients; Protect Yourself from Identity Theft,” urges preparers to follow the security recommendations found in Publication 4557, Safeguarding Taxpayer Data. The fact sheet outlines the critical steps necessary to protect taxpayer information and to build customer confidence and trust.
These critical steps include:
- Assure that taxpayer data, including data left on hardware and media, is never left unsecured
- Securely dispose of taxpayer information
- Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs
- Require periodic password changes every 60 – 90 days
- Store taxpayer data in secure systems and encrypt information when transmitting across networks
- Ensure that e-mail being sent or received, that contains taxpayer data, is encrypted and secure
- Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only
- Use caution when allowing or granting remote access to internal networks containing sensitive data
- Terminate access to taxpayer information for anyone who is no longer employed by your business
- Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data
- Provide periodic training to update staff members on any changes and ensure compliance
- Protect your facilities from unauthorized access and potential dangers
- Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft
Download a copy of Fact Sheet 2016-23
A prepared State News Release for Tax Agencies to distribute is available here.
#IRS #IdentityTheft #IntheNews #DataSecurity