September 2018 JD Supra
jd supra logo

Cybercriminals are after Tax Professionals and Taxpayer Data was published by JD Supra on 9/28/18.

Cybercriminals are attracted to Tax Professionals’ databases because they can access Taxpayer data and use compromised IP addresses and computers of the Tax Professionals to file a tax return with IRS. 

Cyber thieves use stolen Taxpayer data to create fraudulent tax returns that are more difficult to detect, and file fraudulent returns that successfully go through the system.  IRS is consistently reminding Tax Professionals that the Gramm-Leach-Bliley Act, requires certain financial entities – including professional tax return preparers – to create and maintain a client data security plan.  Protecting Taxpayer data is the law.

IRS recognizes that Tax Professional data theft is on the rise and wants to help Tax Professionals better protect Taxpayer data.  On July 10th, 2018, IRS and its Security Summit partners launched a security awareness campaign for tax professionals; publishing an expanded guide providing critical steps to protect client data and available resources.  The campaign is called: “Protect Your Clients, Protect Yourself: Tax Security 101”. The security campaign has published five News Releases (last one was August 7th, 2018). In addition, IRS has updated Publication 4557 (Safeguarding Taxpayer Data) and Publication 5293 (Data Security Resource Guide for Tax Professionals) to help Tax Professionals:    

  • Take Basic Security Steps
  • Use Security Software
  • Create Strong Passwords
  • Secure Wireless Networks
  • Protect Stored Client Data
  • Spot Data Theft
  • Monitor EFIN/PTINs
  • Recognize Phishing Scams
  • Guard Against Phishing Emails Be Safe on the Internet
  • Report Data Loss to IRS/States

All Tax Professionals must enact security safeguards

The “Security Six,” are the must-have areas to secure Taxpayer’s data on Tax Professional’s computer:  

  1. Antivirus software
  2. Firewalls
  3. Two-factor authentication
  4. Backup software/services
  5. Drive encryption
  6. Data security plan

Suggestions from Victimized Tax Professionals  

Tax Professionals that have experienced data thefts or breaches that exposed their clients’ personal information to cybercriminals and to tax-related identity theft have made suggestions to their colleagues and the IRS and the Security Summit.  The suggestions are:

  • Get cyber insurance coverage
  • Password protect each client account
  • Use a virtual private network (VPN) for remote connections
  • Lesson: Keep all security software updated

Don’t be a victim of your own making

The tax community and Taxpayers continue to be targets for cybercriminals.  Tax Professionals may be jeopardizing data loss for their clients and their businesses.  Taxpayers ought to ask Tax Preparers what safeguards they have implemented in their practices – no matter the size of the size of the business.  Tax Professionals ought to practice “safe cyber etiquette”.