IRS Tax Tip 2018-131, August 22, 2018
To help protect their clients’ data from cyberthieves, tax preparers should consider encrypting all sensitive data. In fact, encryption protocols should be standard features of any data security plan that must be created by all professional tax return preparers, which is required by the Federal Trade Commission and its Safeguards Rule.
Here are a few basic steps for tax preparers to consider about encryption. These will help protect client data stored on computer systems. Preparers should:
- Use drive encryption to lock all files on computers and on all devices. Drive or disk encryption often is a stand-alone software product. It converts text in files into an unreadable format for anyone who makes an unauthorized access. Entering the password unlocks the files for legitimate users.
- Backup encrypted copies of client data to external hard drives or use cloud storage. If using external drives, preparers should keep them in a secure location. If choosing cloud storage, they should encrypt the data before uploading to the cloud.
- Avoid attaching USB drives and external drives with client data to public computers.
- Avoid installing unnecessary software or applications to the business network.
- Avoid offers for “free” software, especially security software. This is often a ruse by criminals.
- Download software or applications only from official sites.
- Perform an inventory of devices where clients’ tax data are stored, such as laptops, smart phones, tablets and external hard drives.
- Take an inventory of software used to process or send tax data, such as systems, browsers, applications, tax software and web sites.
- Limit or disable internet access capabilities for devices that have stored taxpayer data.
- Delete all information from devices, hard drives, flash drives, printers, tablets or phones before disposing of devices.
- Physically destroy hard drives, tapes, USBs, CDs, tablets or phones by crushing, shredding or burning.
- Shred or burn all documents containing taxpayer information before throwing them away.
The IRS and its partners in the Security Summit are reminding preparers about the importance of strong passwords as part of the Tax Security 101 awareness initiative. This is intended to provide tax professionals with the basic information they need to better protect taxpayer data and to help prevent the filing of fraudulent tax returns.
- Publication 4557, Safeguarding Taxpayer Data
- Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology