Cybercriminals have been busy for the past few years. They have increasingly targeted taxpayers and tax professionals alike with phishing scams and other types of tax-related fraud. While the Security Summit – a partnership between the IRS, state tax agencies, and members of the tax industry – helped stop many tax-related identity theft schemes in 2016, they know that being proactive and developing a solid security plan is one of the best ways to prevent being a victim of fraudsters.
The IRS recently issued a press release focusing on safeguarding taxpayer data: a three-step process to help tax professionals start thinking about vulnerabilities and developing a plan to address them. Below is an excerpt from the tax tip:
“Step 1: Complete a risk assessmentThis means identifying the risks and potential impacts of unauthorized access, use or disclosure of information. It also means looking at what happens if someone modifies or destroys that information or the computer systems that can be used to access taxpayer data. Ask yourself these questions:
• How vulnerable is your customer’s data to theft, disclosure, alteration or unrecoverable loss? • What can you do to reduce the impact to your customers and your business in such an event? • What can you do to reduce vulnerability?Step 2: Write and follow an Information Security Plan
The plan should:
• Address every item identified in the risk assessment. • Define safeguards you want staff, affiliates and service providers to follow. • Require a responsible person to review and approve the Information Security Plan • Require a responsible person to monitor, revise and test the Information Security Plan on a periodic (annual) basis to address any system or business changes or problems identified.Step 3: At least once a year, if not more, perform an internal assessment
• Evaluate and test the security plan and other safeguards you have in place. • Document any deficiencies. Create and execute a plan to address them.” IRS Publication 4557 – part of the Protect Your Clients; Protect Yourself campaign – includes a more in-depth look at keeping taxpayer data safe.