Managing my email inbox rates somewhere close to standing in line at the DMV: a tedious necessity that threatens to unravel my sanity every time it crosses my mind. Even though sorting emails is like watching paint dry, seeing “unfamiliar activity” sends me straight into a panic attack especially if it’s followed by being unable to log into the affected account. Luckily, there are security protections that can prevent identity thieves from being able to break into my online accounts.
Given the unprecedented number of taxpayers and tax professionals who have been forced to telework in the wake of the coronavirus pandemic, the Internal Revenue Service, state departments of revenue, and private members of the tax industry teamed up to develop a list of security recommendations that they are unveiling over five weeks: The Security Summit “Working Virtually: Protecting Tax Data at Home and at Work” campaign.
As with previous campaigns, the Summit’s goal is to prevent tax-related identity theft schemes. Identity thieves use these scams – often malware-infected phishing emails – to steal personally identifiable information and account-login credentials to fraudulently file tax returns and apply for financial services.
What is the data security recommendation for Week 2 of the Security Summit Working Virtually campaign?
Week 2 of the Working Virtually campaign shines a light on the importance of using multi-factor authentication (MFA) to protect your devices and online accounts. If you have ever created a third-party, web-based email account like Gmail or Yahoo! Mail, you are probably familiar with this security step. The Summit says MFA, in particular, is very effective at keeping scammers away from your accounts.
Normally, you are asked to enter a username and password when accessing protected accounts. Think of this as “single-factor authentication.” Multi-factor authentication asks for another piece of information during the account-login process. In many cases, it’s a randomly generated security code that is sent to a designated email account, SMS message account, or mobile application, which you then type into the required field.
While all three options are better than relying solely on a password to protect your tax software, bank account, and office network, the Security Summit recommends using an authentication app. Even with the victim’s other login information in hand, “it’s unlikely the thief will have stolen the practitioner’s cell phone so he would not receive the necessary security code to access the account.” (Remember, if thieves have your PII, they can probably access your email account.)
Even better, the process generally takes just a few minutes to set up, and entering the code is as simple as typing the numbers sent by the authentication service. That’s why the Security Summit recommends using MFA on every supported device and account – even your tax software.