Taxpayers entrust tax return preparers with the data that informs almost every aspect of their finances, and cyber criminals know it. That’s why they’ve ratcheted up their tax-related identity theft efforts, and it’s why data security should be a top priority for the tax industry.
We don’t have to tell you that tax prep tends to rely on word-of-mouth recommendations. And a catastrophic data breach—often resulting in the loss of your clients’ trust—could mean permanently closing the doors to your tax practice.
Some of the items in the IRS Tax Tip—like how to dispose of old files—won’t be news to anyone who has kept paper records for several years, but the information here is a good checklist for someone who wants to beef up this aspect of their data security plan.
Without further ado, here are the IRS’ twelve steps for protecting client data:
• “Use drive encryption to lock all files on computers and on all devices. Drive or disk encryption often is a stand-alone software product. It converts text in files into an unreadable format for anyone who makes an unauthorized access. Entering the password unlocks the files for legitimate users.
• Backup encrypted copies of client data to external hard drives or use cloud storage. If using external drives, preparers should keep them in a secure location. If choosing cloud storage, they should encrypt the data before uploading to the cloud.
• Avoid attaching USB drives and external drives with client data to public computers.
• Avoid installing unnecessary software or applications to the business network.
• Avoid offers for “free” software, especially security software. This is often a ruse by criminals.
• Download software or applications only from official sites.
• Perform an inventory of devices where clients’ tax data are stored, such as laptops, smart phones, tablets and external hard drives.
• Take an inventory of software used to process or send tax data, such as systems, browsers, applications, tax software and web sites.
• Limit or disable internet access capabilities for devices that have stored taxpayer data.
• Delete all information from devices, hard drives, flash drives, printers, tablets or phones before disposing of devices.
• Physically destroy hard drives, tapes, USBs, CDs, tablets or phones by crushing, shredding or burning.
• Shred or burn all documents containing taxpayer information before throwing them away.”
The Tax Tip ends by providing links to the IRS’ Publication 4557 and the National Institute of Standards and Technology’s “Small Business Information Security: The Fundamentals.” Both documents are great for learning more about developing a comprehensive, effective data security plan.
Be safe out there.