Tax professionals must take some basic security steps to keep their clients’ data as well as their businesses safe. Tax professionals should review and update the following internal controls:
All devices (phones, tablets, laptops, desktop, and routers) should have security software installed on it, and the software should automatically update. The various types of security software (anti-virus/anti-spyware/anti-malware) prevents bad or unauthorized software from damaging your computer or stealing information. The firewall will help to block unwanted connections. If any of your devices are lost or stolen, the Drive Encryption protects your information from being accessed.
All tax practitioners should create unique passwords to be used when accessing any of their devices, wireless networks, cloud storage, or tax software products. The password should have at least eight characters made up of symbols, letters, and numbers. Password lists should be stored in a secure location.
All sensitive emails/files should be encrypted and protected by strong passwords.
Sensitive data must be backed up to a secure external source that is not connected to a full-time network. Do not attach USB drives containing client information to public computers; also, do not attach a client’s USB drive to your office computers.
Before e-filing always review the tax return, paying special attention to the direct deposit information.
Computer hard drives and printers that have sensitive information should be wiped clean or destroyed (physically or using security software shredder) before being discarded.
Access to taxpayer data should be limited to only people who need to know.
Keep track of the number of returns that were filed using your EFIN, weekly using the IRS e-Services. Keeping track of the returns electronically filed should be done year-round as cybercriminals operate year-round.
Any loss or theft of your data should be reported to the IRS Stakeholder Liaison for your area.