Critical Security Best Practices

The IRS recently released a new “Taxes-Security-Together” Checklist with their Security Summit partners. The list is to help tax professionals review critical security steps to ensure they are fully protecting their computers and email as well as safeguarding sensitive taxpayer data.

Although much has been done to reduce the amount of tax-related identity theft and fraudulent returns, cybercrime continues to be a problem. The IRS is urging tax professionals to take time this summer to review their security safeguards. To help them, they’ve created a 5 part series called the “Taxes-Security-Together” Checklist.

“These six steps are simple actions that anyone can take,” said IRS Commissioner Chuck Rettig. “The important thing to remember is that every tax professional, whether a sole practitioner or a partner in a large firm, is a potential target for cybercriminals. No tax business should assume they are too small or too smart to avoid identity thieves.”

“Security Six” Protections

As tax preparer, we handle a lot of sensitive data. The “Security Six” steps are best practices that fall into several major security categories.

1. Anti-virus software

Anti-virus software is a must. It scans your computer files or memory for certain patterns that may indicate the presence of malware. Not only should you have anti-virus software, but you should also make sure it is updated regularly. Anti-virus vendors find new issues and update malware daily, if yours is not up-to-date, it may miss something, leaving your customer data vulnerable.

2. Firewalls

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary web traffic and preventing malicious software from accessing your systems. They can block data from suspicious locations or applications while allowing relevant and necessary data through.

3. Two-factor authentication

Two-factor authentication helps by adding an extra layer of protection beyond a password. Often two-factor authentication means the returning user must enter credentials (username and password) plus another step, such as entering a security code sent via text to a mobile phone.

This should be used on all email accounts used at your firm. This way if a thief gets ahold of your a username and password, they will also have to have your phone to gain a security code to get in.

4. Backup software/services

Make sure you are regularly backing up critical files on your computers to external sources. Your files can be copied and stored online as part of a cloud storage service or an external disk. Your backups should also be encrypted.

5. Drive encryption

Drive encryption software transforms data on your computer into unreadable files for an unauthorized person accessing the computer to obtain data.

6. Virtual Private Network

If your employees occasionally connect to unknown networks or work from home, you need to establish an encrypted Virtual Private Networks (VPN) to allow for a more secure connection. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network.

This is just part one in the IRS 5 part security checklist this summer. Read the full release here and look for the rest of the steps in the coming weeks:

  • Deploy “Security Six” basic safeguards
  • Create data security plan
  • Educate yourself on phishing scams
  • Recognize the signs of client data theft
  • Create a data theft recovery plan, and call the IRS immediately