As a tax preparer, you are privy to a lot of confidential information – information that could do your clients severe harm if it ended up in the wrong hands. This year, the IRS has been making a lot of changes to their processes to help guard taxpayers against the growing number of individuals who commit tax fraud and identity theft. They’ve also launched a campaign for tax preparers called the “Protect Your Clients; Protect Yourself” campaign. According to the IRS, this campaign is “intended to raise awareness among tax professionals on their responsibilities and the common sense steps they can take to protect their clients from identity theft and to protect their businesses.”
As a tax preparer, you have a legal responsibility to have safeguards in place for maintaining, sharing, transmitting, and storing taxpayer data. Taxpayer data is defined as “any information obtained or used in the preparation of a tax return.”
Here are some ways to ensure you are protecting your client’s information.
Your Security System
Overall, your security software needs to be top-notch. It should include a firewall, anti-malware and anti-virus programs. Having multiple layers of security creates redundancy in your security systems. This will make your system harder to get into and scare away hackers who are looking for an easy target.
Password protect everything that contains client data – including all computers. Adopt a “need to know” policy, restricting access to client data and tax software to authorized individuals. Make sure everyone has their own login and password for computers and software so that you know who is accessing what and when. Revoke logins after an employee ends their employment with your company.
You should also require employees to change their passwords every 60-90 days and make sure that they use strong passwords that contain numbers, symbols, upper & lowercase letters (so, no making “password” your password).
Updates to your systems
Keep up with updates for all software and when possible elect to automatically update. Program and system updates are designed to protect you against the latest viral attacks and ensure that your systems are running properly.
Make sure that all of your employees know the importance of and responsibility for protecting client data. This should be a part of employee training. Proper procedures for securing information must be discussed on an ongoing basis. Employees need to be aware of the most current phishing schemes so that information isn’t leaked.
Secure Wireless Connection
Make sure your WiFi network is password protected and is not given to just anyone who wants access.
All old paperwork needs to be properly disposed of via shredding or incinerating.
Lock up client files
Taxpayer data in the form of paperwork or other portable media needs to be stored in a secure place – under lock and key. Remind employees not to leave client information on their desks or in a public area, such as a copy room.
Files and information sent through the internet needs to be encrypted. This includes all emails containing taxpayer data.
Data Loss Prevention
Your data needs to be backed up frequently on either an external hard drive that is kept in a secure location with limited access by others, online through a secure connection. Data should always be stored on two kinds of media (paper, external hard drive, a disk, the cloud, etc.).
Secure your office
Don’t forget to secure your building as well. You should always lock your doors and file cabinets and possible secure your computers in the event of a break-in. In addition to locks you should have security cameras and an alarm system on your company’s property.
Read Publication 4557
Safeguarding Taxpayer Data: A Guide for Your Business is an IRS Notice that provides state and federal regulations on securing your customer data. There are many things to take into account when it comes to securing financial data so make sure you are familiar with the laws and best practices. The IRS also has a Quick Reference Guide you can read and distribute to employees.
There is insurance available to protect you and your clients from a data breach or Cyber Attack. If you haven’t already, look into Errors and Omissions Insurance.
Other Quick Tips from the IRS
- Use caution when allowing or granting remote access to internal networks containing sensitive data
- Terminate access to taxpayer information for anyone who is no longer employed by your business
- Create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data
- Provide periodic training to update staff members on any changes and ensure compliance
- Protect your facilities from unauthorized access and potential dangers
- Create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft
“We have more than 700,000 tax preparers in this country, with many of those taking good security precautions,” said IRS Commissioner John Koskinen. “But cybercriminals are continuing to evolve, using new technology, ruses and scams. The tax community handles large volumes of sensitive personal and financial information. We need every tax professional to stay on top of their security to protect taxpayers as well as their businesses.” – IRS Commissioner John Koskinen
More Great Reads