At the beginning of the pandemic, almost every aspect of life was switched to online platforms, including all things finance, accounting, and taxes. Six months later, we’re still performing several services remotely, and cybersecurity is a particular concern for most tax preparers and taxpayers. Over the past few weeks, the IRS has released several statements with its own tips and advice for keeping financial data safe for clients and financial businesses.
The first step to ensuring cybersecurity for your clients and business is implementing firewalls, anti-virus software and more on your professional and employee devices. Options include:
- Anti-virus software that does automatic and manual scans
- Firewalls that provide protection from outside threats
- Two-factor authentication for employees and clients
- Cloud device or software to back up information to avoid loss
- VPN or another type of private network
These are critical for remote employees who handle sensitive information like social security numbers, tax information, banking information and more.
For tax professionals, phishing emails are one of the most common threats to cybersecurity. Phishing emails generally have messages that incite urgency, may look official or include an attachment that seems familiar. This may include emails that deal with login information and more. Phishing emails generally redirect the victim to a site that looks like a trusted source, but really is not.
The minute an employee clicks on a phishing email or attachment, malware is downloaded onto the user’s computer and their keystrokes are tracked, allowing thieves to easily steal personal information and important business information.
Now especially, COVID-19 related emails have been prevalent for both tax pros and taxpayers. With the threat of a pandemic, it is easy to incite fear in taxpayers. Common COVID-19 related emails have been in relation to face mask providers, personal protective equipment, IRS impersonation and Economic Impact Payments.
Federal law requires tax professionals and tax businesses to have a written information security plan, which means you probably already have one! However, as the pandemic and remote work continue, it may be time to re-adjust your plan.
The first thing you should consider adding to your amended plan is how you would handle an emergency in which client information has been compromised. This includes the steps a remote employee should take in this event.
If you experience data theft, you should do the following immediately:
- Report it to the local IRS Stakeholder Liaison, who will notify the IRS Criminal Investigation.
- Email the Federation of Tax Administrators at email@example.com.
As for the remainder of your information security plan, you should be sure to follow these FTC-required guidelines:
- designate one or more employees to coordinate its information security program;
- identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
- design and implement a safeguards program and regularly monitor and test it;
- select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
- evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.
However you choose to handle cybersecurity and data protection, the IRS has several relevant resources that can be implemented during times of uncertainty and beyond.