Data security is undeniably among a tax professional’s most important responsibilities, and the IRS continues to do its part to ensure that all practices are compliant. If you haven’t already renewed your preparer tax identification number (PTIN) for 2020, chances are that you will soon. When you do so, you’ll discover the addition of a data security responsibilities statement — the acknowledgement of which is required by federal law. But what exactly does this agreement accomplish?

Important Steps to Stop Cyber Criminals — IRS Best Practices

Tax professionals have long been a primary target for criminals seeking valuable taxpayer data. Birthdates, addresses, SSNs, and more continue to line the pockets of identity thefts and the underhanded companies that employ them.

Fortunately, there are proven ways to deter those who would defraud your business and the clients you serve. The IRS has released specific, simple steps that are easy to implement in practices of all sizes, including:

  • When sharing files with your clients, ensure that all documents are encrypted and password protected.
  • Utilize a reliable and secure external server to back up all sensitive client data.
  • Always properly dispose of any hard drives, USB drives, and hard copies of documents that contain client information.
  • Use two-factor authentication whenever possible.
  • Encourage potential clients to make contact with your practice via phone first; attachments in emails may contain harmful malware or links to phishing sites.
  • Ensure that anti-virus software is up to date on all devices used professionally in your practice.

As always, the first step any employee should take upon suspecting a breach of data is direct contact with the IRS.

Further Security Measures to Protect Client Data

It’s also of great importance that your practice maintain a written data security plan that adheres to the FTC’s Safeguard Rule. While keeping your clients’ data secure is clearly a matter of ethics and professional duty, it is also required by law. If your business is ever the victim of a data breach, a proper security plan can equip you with the preparedness necessary to address any consequences that arise.

By law, all professional tax practices must employ risk management measures, including employee training that focuses on how to properly utilize information systems and detection of system failures. The “see something, say something” protocol is a good rule of thumb — even the most innocuous email may contain potentially harmful viruses, putting your clients and your entire business at risk.

The IRS has released a comprehensive list of suspicious activity frequently associated with identity theft. These are some of the most significant issues to share with employees within your practice:

  • E-filed returns that are rejected by the IRS or state tax agencies. This frequently occurs when a cybercriminal has fraudulently filed a return with a client’s Social Security number.
  • Refunds that are administered to clients who have not yet filed a return.
  • Any situation in which clients receive an unexpected notice that an IRS account in their name has been created, accessed, or disabled.
  • Anytime the number of returns you file with your practice’s EFIN is higher than the number of clients you serve in a given tax year.
  • Instances in which clients haven’t yet filed a return, but start to receive authentication documents or unrequested tax transcripts from the IRS.
  • Email responses from clients or tax professionals that seem suspicious or out of place.
  • Any signs of malware, including network computers that lock out employees, run more slowly than usual, or otherwise behave strangely.

TaxAct Professional’s Commitment to Our Customers

For more than 20 years, TaxAct® has provided tax professionals of all sizes with cutting-edge tools to help their practices grow and succeed. Regardless of the size of your business, we are here to help you and your clients enjoy a safe, secure, and ever-reliable filing experience.