Protect Your Clients; Protect Yourself
The IRS and the Security Summit Working Group have created a Data Security Resource Guide to help Tax Professionals protect taxpayer's data. You can download a copy at IRS.gov/ProtectYourClients
Here's a sampling from the Data Security Resource Guide:
- Learn to recognize phishing emails, especially those pretending to be from the IRS, e-Services, a tax software provider or cloud storage provider. Never open a link or any attachment from a suspicious email. Remember: The IRS never initiates initial email contact with tax pros about returns, refunds or requests for sensitive financial or password information
- Create a data security plan using IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security – The Fundamentals, by the National Institute of Standards and Technology.
- Review internal Controls
- Install anti-malware/anti-virus security software on all devices (laptops, desktops, routers, tablets and phones) and keep software set to automatically update.
- Use strong and unique passwords of 8 or more mixed characters, password protect all wireless devices, use a phrase or words that are easily remembered and change passwords periodically.
- Encrypt all sensitive files/emails and use strong password protections.
- Back up sensitive data to a safe and secure external source not connected fulltime to a network.
- Wipe clean or destroy old computer hard drives and printers that contain sensitive data.
- Limit access to taxpayer data to individuals who need to know.
- Check IRS e-Services account weekly for number of returns filed with EFIN.
- Report any data theft or data loss to the appropriate IRS Stakeholder Liaison
- Stay connected to the IRS through subscriptions to e-News for Tax Professionals, QuickAlerts and Social Media
