Tax Tip 2019-122, September 5, 2019
Tax professionals and their employees can take steps to help prevent thieves from stealing sensitive data. Cybercriminals use phishing emails and malware to gain control of computer systems or to steal usernames and passwords.
Here are some simple steps that tax pros and their employees can take to protect their clients’ data. They should:
- Use separate personal and business email accounts.
- Protect email accounts with strong passwords and two-factor authentication if available.
- Install an anti-phishing tool bar to help identify known phishing sites.
- Use anti-phishing tools that are included in security software products.
- Use security software to help protect systems from malware and scan emails for viruses.
- Never open or download attachments from unknown senders, including potential clients. They should instead make contact first by phone.
- Send only password-protected and encrypted documents when files must be shared with clients over email.
- Not respond to suspicious or unknown emails.
- Forward scams that are related to the IRS to email@example.com.
All tax professionals should remember they must have a written data security plan. This is required by the Federal Trade Commission and its Safeguards Rule.
- Publication 4557, Safeguarding Taxpayer Data (PDF)
- Small Business Information Security: The Fundamentals (PDF) by the National Institute of Standards and Technology.
- Publication 5293, Data Security Resource Guide for Tax Professionals (PDF)