Tax Season Defense: Strengthening Your Security Resources

November 27, 2023

The Internal Revenue Service (IRS) and the Security Summit launched the 8th National Tax Security Awareness Week on November 27^th2023, providing tips for taxpayers and professionals to safeguard sensitive information during the holiday and tax season.

The focus is on protecting against scams and identity theft. Suggestions include shopping on secure websites, avoiding unsecured public Wi-Fi, updating security software, using strong passwords, and implementing multi-factor authentication. Tax professionals are urged to employ separate devices, avoid conducting business on personal devices, and be vigilant against emerging vulnerabilities.

The IRS warns of ongoing tax scams, particularly those related to promised tax refunds and Economic Impact Payments. Additionally, caution is advised against gift card scams and making payments through untraceable methods. The IRS encourages individuals and professionals to stay informed and report any of these IRS-related scams phishing@irs.gov.

Here are five tips to fortify the defenses and keep client data safe.

1. Lock Down Your Data with Encryption:

In simple terms, think of encryption as a super-secure lock for your client data. Whether it's traveling through the internet or sitting on your computer, encryption tools act like unbreakable shields. This means that even if someone tries to sneak a peek without permission, all they'll see is a bunch of scrambled, unreadable information. It's like putting your client data in an impenetrable fortress, keeping it safe from prying eyes.

2. Prioritize Ongoing Security Training:

The human element is often the weakest link in cybersecurity. Regularly conducting security training for all staff members is essential. Equip your team with the knowledge to identify phishing attempts, recognize social engineering tactics, and emphasize the importance of maintaining strong password hygiene. An educated team is a resilient team.

3. Establish a Secure Client Portal:

Move beyond traditional methods of document exchange and consider setting up a secure online portal. This provides clients with a safe space to upload and access their documents. Not only does this reduce the risk associated with email communication, but it also creates a controlled environment for secure file sharing.

4. Adopt Multi-Factor Authentication (MFA):

Strengthen access controls by implementing multi-factor authentication across all systems and accounts handling client information. MFA adds an additional layer of verification beyond passwords, making it significantly more challenging for unauthorized users to gain access. This simple yet effective step can thwart many common cyber threats.

5. Regularly Monitor and Audit Access:

Vigilance is key. Regularly audit and monitor who has access to client information and the actions they perform. Ensure that access privileges are granted on a need-to-know basis, and promptly revoke access for individuals who no longer require it. By keeping a close eye on access logs, you can swiftly detect and respond to any unusual or suspicious activities.

Implementing these additional safeguards is crucial for businesses, tax professionals, and taxpayers to shield themselves from potential identity theft. Avoid engaging in risky activities such as web surfing, gaming, or video downloading on business computers or devices. Steer clear of sharing USB drives or external hard drives between personal and business devices, and never connect unknown or untrusted hardware to the system or network. Maintain a proactive approach to security by changing passwords regularly, with a recommended frequency of every three months, and consider employing a password management application for secure storage. By adhering to these practices, individuals and businesses can significantly enhance their defense against identity theft and ensure a more secure digital environment.

Are you still unsure how to safeguard your client’s information? Check out the expertise of our partner, Saber Tech Group, and let the professionals manage your defenses to create a WISP (Written Information Security Plan) specific to your office. Click here to learn more.

------------------------------------------------------------------------------------------------

Find more resources here:

For Individuals:

Pub 4524: Security Awareness For Taxpayers (Spanish)
Pub 5461: Protect personal and financial information online (Spanish) (Chinese zh-s)
Pub 5461-B: Get an Identity Protection PIN (Spanish) (Chinese zh-s)

For Businesses:

Pub 5461-C: Businesses should watch out for tax-related scams and implement safeguards (Spanish) (Chinese zh-s)
National Institutes of Standards & Technology IR-7621: Small Business Information Security

For Tax Professionals:

Pub 5417: Basic Security Plan Considerations for Tax Professionals (Spanish)
Pub 5461-D: Tax professionals should review their security protocols (Spanish)
(Chinese zh-s)

Pub 5461-F: Use Digital Signatures and to Submit IRS Forms and Review Account Details on Secure Portal (Spanish) (Chinese zh-s)