IRS Tax Tip 2018-09, January 18, 2018
To protect their offices and client data, many tax preparers hire a cybersecurity professional. Because every tax office is unique, preparers should consider specific concerns they have. They should present those to their cybersecurity professional, which will help safeguard both the preparer’s business and their clients’ data.
The IRS provides these four things for tax preparers to consider when evaluating and selecting a cybersecurity professional that fits their situation or business.
- Preparers can talk to other business owners or professionals they know and trust for recommendations and references.
- Ultimately a preparer or business owner will need to select the person they trust most. They should choose someone with whom they feel comfortable discussing the safety and security of their business and clients.
- Preparers should ask questions of the candidates to learn just how much experience they have in data protection. Here are five examples of questions preparers can ask:
- How does ransomware work and what can we do to protect our systems?
- What are the best options to securely back-up data and why are those options the best?
- Do you have suggestions regarding the following: data encryption, malware, firewalls, disaster recovery and remote access tools?
- Have you ever created a security plan for a similar business?
- Can you do an assessment of my systems and processes to find vulnerabilities or weaknesses? If so, will you then provide recommendations to strengthen my security?
- Will you provide ongoing monitoring of my systems as security threats evolve? If so, how often do you recommend changes?
- Anyone hiring a cybersecurity professional should secure an agreement or engagement letter to ensure both parties understand the terms of the agreement.
This tip is part of the “Protect Your Clients; Protect Yourself” campaign. This campaign raises awareness among tax professionals about their legal obligation to protect taxpayer data and to highlight the security risks posed by identity thieves. It is an initiative of the Security Summit, a joint project by the IRS, states and the tax community to combat identity theft. Because of the sensitive client data held by tax professionals, cybercriminals increasingly are targeting the tax preparation community. For additional information, see Data Theft Information for Tax Professionals on IRS.gov.