Filing season readiness for tax pros: review data safeguards
Issue Number: Tax Tip 2022-180
Filing season readiness for tax pros: review data safeguards
As tax professionals begin preparing for the upcoming filing season, reviewing their security measures should be at the top of their to-do list. The Taxes-Security-Together Checklist can help tax them identify the basic steps they should take to safeguard their clients and their business.
Here are some of the recommended safety measures.
Have security and data theft plans
The
IRS and Security Summit partners remind tax professionals that federal
law requires them to have a written information security plan. In
addition to the required information security plan, tax pros also should
consider an emergency response plan should they experience a breach and
data theft. This time-saving step should include contact information
for the IRS Stakeholder Liaisons, who are the first point of contact for data theft reporting to the IRS and to the states.
Use multi-factor authentication to protect tax accounts
Practitioners
can download to their mobile phones readily available authentication
apps offered through Google Play or the Apple Store. These apps will
generate a security code. Codes may also go to a preparer's email or
text, but the IRS notes those are not as secure as the authentication
apps. Tax professionals can search for "authentication apps" in a search
engine to learn more. For more information on multi-factor
authentication, taxpayers should visit the Cybersecurity and Infrastructure Security Agency website
Use virtual private networks to protect remote sites
A
VPN provides a secure, encrypted way to transmit data between a remote
user via the internet and the company network. As teleworking or working
from home continues, VPNs are critical to protecting and securing
internet connections.
Failure to use a VPN for remote communication can allow an attacker to eavesdrop on network communications.
Tax professionals should consult cybersecurity experts whenever possible. Practitioners can also search for "best VPNs" to find a legitimate vendor, or major technology sites often provide lists of top services. They should never click on a "pop-up" advertisement for a security product. Those generally are scams.
Avoid phishing scams and attempts to steal EFINs
Phishing
emails generally have an urgent message, such as "account password
expired." They direct users to an official-looking link or attachment.
However, the link may take users to a fake site made to appear like a
trusted source, where it requests a username and password. The
attachment may contain malware, which secretly downloads software that
tracks keystrokes and allows thieves to eventually steal all the tax
pro's passwords.
Scam emails can target tax pros by seeking EFIN information. One scam example says it's from "IRS Tax E-Filing" and has the subject line "Verifying EFIN before e-filing."
Tax pros should not take any of the steps outlined in these types of email, especially responding to the email.
Those who receive a scam email should save it as a file and then send it as an attachment to phishing@irs.gov. They also should notify the Treasury Inspector General for Tax Administration to
report the IRS impersonation scam. Both TIGTA and the IRS Criminal
Investigation division are aware of spear phishing scams targeting tax
preparers.
More information:
Publication 5293, Data Security Resource Guide for Tax Professionals
Share this tip on social media -- #IRSTaxTip: Filing season readiness for tax pros: review data safeguards. http://ow.ly/GFqv50LHgYq
Comments
Post a Comment