Cyberattacks against tax firms are on the rise, putting taxpayer data at risk. Learn to protect your firm and your client data with these cybersecurity tips.
Safeguarding any business and client data is important. As tax season draws nearer, however, the IRS is particularly concerned with how businesses and tax firms work to protect taxpayer data. Cybercriminals thrive in the tax season, taking advantage of unprotected or poorly protected firms in order to file fraudulent tax returns. Whether you’re in the business of filing taxes or simply want to better protect your client and customer data, these tips on cybersecurity methods have you covered.
Chris Chao, a cybersecurity expert that focuses on accounting firms with Centerpoint IT shares his insights into the importance of year-round cybersecurity in with accounting organisations.
The Importance of Cybersecurity
As of 2018, 32.7% of U.S. adults had experienced a hack to their email account or social media. Personal accounts, however, aren’t the only data that is at risk. Large public breaches, such as the Yahoo hack, affected 3 billion users. Marriott’s data breach, reported at the end of 2018, impacted 500 million accounts.
According to the IRS, data theft at tax professionals’ offices is on the rise, and so too should be our diligence about protecting user and taxpayer data. Cyber attacks are the fastest growing crime in the U.S., and is an increasing threat throughout the globe as more and more of the world’s population become internet users. Finding new and effective ways to protect client data is more important than ever.
Stay Up to Date on Security Regulations
One of the first steps to protecting your company and consumer data is understanding your legal responsibilities as a small business or tax firm. IRS publication 4557 is designed to help tax firms, especially those that do e-filing for individual income tax returns, develop a security plan to ensure their taxpayer data is secure. Reviewing all tax security regulations before you develop your plan will help you hone in on the best practices for the type of data you and your company store and utilize.
Install Security Software
Anti-virus, firewall, and drive encryption software won’t stop every cyber threat out there, but this basic practice will help serve as a layer of protection between you and identity thieves looking for taxpayer data. Anti-virus and anti-spyware software help protect your devices from malware or unauthorized software. Keeping this software up to date is also an important step. Regular updates help the software identify the newest threats and stop them before you even know they are there.
Back-Up and Protect Stored Data
Stored data that is not encrypted has a higher risk of getting hacked. It is good practice to encrypt any stored data with passwords prior to backing them up to the cloud or a server. Also, avoid using public computers or networks to access this stored data, and wipe clean any old hard drives or storage devices that are no longer in use.
Closely Monitor Business Activity
Spotting data theft can be easier than we think if we know where to look. For tax professionals, keeping an eye on the number of returns filed with your Electronic Filing Identification Number will help you stay on top of any fraudulent returns. Unexpected rejected returns, notices to your clients about returns they haven’t yet filed, other unusual communications, and even a slower-than-normal network can all be indicators of data breaches.
Learn to Recognize and Report Cyber Crime
Cybersecurity Ventures predicts that businesses will fall victim to ransomware attacks every 11 seconds by 2020. That is a dramatic change from the already high number of attacks on businesses—every 40 seconds—as of 2016. The biggest contributor to these attacks is people unknowingly clicking on phishing emails and scams, allowing the ransomware to infiltrate a computer or network, and locking up important data.
Learning to recognize phishing emails, especially those that appear to be from the IRS, tax software providers, your data storage provider, or other legitimate organizations that may contact you via email. Don’t download attachments or click on links in any suspicious email, and pay close attention to the email address, subject line, and domain names in links. The slightest hint—a missing letter, misspelled words, or the use of hyphens and dashes—could indicate a scam.
Once a scam is identified, report directly to the appropriate authority. For tax-related breaches, report to the IRS and they may then encourage you to also report to the FBI or Secret Service. File a police report with the local police in the event of a data breach, and the state Attorney General or Federation of Tax Administrators to report a breach related to state taxes. – Read more