Secure company data by checking the tax pro’s data security!

Cyber thieves have shifted their targets from taxpayers to tax preparers, CPAs and other tax pros because one tax pro’s system offers dozens of taxpayers’ data.

Here’s what the IRS says a tax pro should have to protect your company’s data:

• All tax pro employees should be required to use strong passwords.
• All tax pro software and online services should use multi-factor authentication—i.e., a username and password plus additional authentication to access the software or service. The additional authentication might be a texted or emailed code, a fingerprint, or an iris scan, among other possibilities.
• Tax pro employee cell phones should be protected.
• Tax pro remote employees should use virtual private networks to protect internet communication.
• All sensitive data should be backed up to a secure external network not connected full-time to a network.
• All tax pro employees, including support staff, should be trained regularly in how to avoid phishing or spear phishing scams. Most cyber thieves use these scams to obtain access to a tax pro’s systems.
• The tax pro firm should ensure that its employees do not respond to emails from thieves posing as potential or actual clients, do not download
  attachments, and do not click on links in emails from unverified sources. Data files should be exchanged among employees or between employees and clients only over a secure system—never by email.
• All tax pro software and operating systems should be current—older software may still work but probably is full of security holes.
• Tax pro staff should be able to identify—and regularly search for—signs of a data breach.
• Tax pro papers with client information should be kept in locked cabinets with limited access when not in use, and there should be shredding/recycling protocols.
• Tax pros that handle taxpayer data are required by federal law to have a written data security plan. Does your tax pro have one? [IR-2021-170]