Tax professionals are required by the FTC to have a written data security plan, and criminals have increasingly been targeting them with phishing emails and social media messages. The pandemic, it turns out, has simply given criminals even more opportunities to create fraudulent government announcements.
To help prevent future tax-office data breaches, the Security Summit is recommending that tax pros review their security protocols before tax season begins. What better place to start than with the fundamentals?
What are the “Security Six”?
The IRS describes the Security Six as “easy steps [that] can make a big difference, both for tax pros and taxpayers.” So, let’s take a look at what they recommend:
- Use anti-virus software and set it for automatic updates to keep systems secure. This includes all digital products, computers, and mobile phones.
- Use firewalls. Firewalls help shield computers from outside attacks but cannot protect systems in cases where users accidentally download malware, for example, from phishing email scams.
- Use multi-factor authentication to protect all online accounts, especially tax products, cloud software providers, email providers and social media.
- Back up sensitive files, especially client data, to secure external sources, such as an external hard drive or cloud storage.
- Encrypt data. Tax professionals should consider drive encryption products for full-drive encryption. This will encrypt all data.
- Use a Virtual Private Network (VPN) product. As more practitioners work remotely during the pandemic, a VPN is critical for secure connections.
The IRS press release also notes that learning to identify and avoid common phishing scams is an essential step in avoiding data theft. Tax-pro-specific scams tend to have messages about expired account passwords, EFIN verification, and e-filing-related messages that appear to come from the IRS.
What should I do if I receive a phishing email or social media message?
First, never open an email or social media message that you suspect is a phishing scam. If you accidentally open the email, make sure you don’t click on any attachments or embedded links, since they could lead to a fake website or contain information-stealing malware or ransomware.
If you think you’ve received a tax-related phishing scam, be sure to report it to the IRS and TIGTA. That way, they can add it to their database of current scams and warn other tax professionals and taxpayers about it.
Remember, when it comes to data security, we’re all in this together.
Where can I find a sample tax office security plan?
In addition to reviewing these basic tips, you can check out the Drake Software Tax Office Security Plan. This sample security plan is composed of a series of worksheets that address common security-related issues, like classifying stored information, identifying threats, and prioritizing potential issues.
Visit our “Easy Steps to Create Your Mandatory Tax Office Security Plan (SAMPLE INCLUDED!)” blog to download a free copy.
Source: IR-2021-239