Step Up Your Security Education

The IRS and its Security Summit partners are reminding tax pros that their staff plays a crucial role in protecting client data.
In the seventh edition of the IRS’ “Tax Security 101” campaign, the Service notes that 217 tax professionals have reported data thefts through August 9 of this year, a 30 percent increase over the same period in 2017.
All of your employees should be aware of the dangers related to phishing emails, especially spear phishing. An employee does not have to be a tax preparer to accidentally disclose critical password information or download malware that could infect and impact all office computers and risk the theft of client data.
Remember that all professional tax return preparers must adhere to the “Safeguards Rule” set out by the Gramm-Leach-Bliley Act of 1999, administered by the Federal Trade Commission (FTC). The FTC provides a list of security steps including employee management and training, and the IRS has added more specifically for tax professionals:
  • Check references or conduct background checks before hiring employees who will have access to customer information.
  • Ask every new employee to sign an agreement to follow the company’s confidentiality and security standards for handling customer information.
  • Limit access to customer information to those employees who have a business reason to see it. For example, give employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs.
  • Train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, including locking rooms and file cabinets where records are kept and not sharing or openly posting employee passwords in work areas.
  • Impose disciplinary measures for security policy violations.

Click here for more security tips from the FTC and resources for creating your written data security plan.